I am going to use cloud firestore within my flutter app to store data from a questionnaire. Although the questionnaire itself DOES NOT ask for personal information, such as name, phone, email or passwords etc, it DOES ask several questions and produce data that I would not want an admin of cloud firestore to see. During a meeting it was identified that risk to data security was that an admins account could be compromised and people would be able to view/export plain text data. I have looked at end to end encryption for this, however, a designated person from within my company will need to process the data and thus will need to de-encrypt the data later on.
How should I encrypt the data on cloud firestore so that
Just from googling my thoughts are that I should perhaps make a public key available on the device side for encryption onto the database. I should keep a private key safe so only the person processing the data will be able to de-encrypt later on.
Is there a workflow that people use for this?
Sorry if this is a basic question!
What you're describing is pretty much how to do this: encrypt the data client-side before sending it to Firestore, then again decrypt it in your dashboards and anywhere else you need to display it. That's the only way to ensure that collaborators on the project won't be able to see the data.
Alternatively, you can consider not giving anyone access to the Firestore panel in the Firebase console for the project that you use for production data. So in that case developers can see everything unencrypted in the development project, but nothing in the production project.