Story #48

closed

Plugins: Ability to flag sensitive data

Added by Anonymous over 9 years ago. Updated almost 5 years ago.

Status: CLOSED - WONTFIX
Priority: Normal
Assignee: -
Category: -
Sprint/Milestone: -
Start date:
Due date:
% Done: 0%
Estimated time:
Platform Release:
Groomed: No
Sprint Candidate: No
Tags: Pulp 2
Sprint:
Quarter:

Description

I'll use an artificial example to explain the issue, but realize there are already legitimate use cases for this.

Let's say an importer needs a username/password to access an external source. As of right now, there are two issues:

* The importer configuration values are stored in plain text in the database.
* The importer configuration is displayed, in its entirety, when using the built-in "pulp-admin repo list --details" command.

I think the solution is to add a new attribute to the plugin metadata section that lets the plugin tell Pulp the names of configuration values that contain sensitive data. That can cause Pulp to do the following:

* Encrypt in some fashion that portion of the configuration when persisting to the database.
* Decrypt those fields when retrieving the configuration only when it is going to be used by the plugin.
* By comparison, when returning data about a repo's plugins, the field is returned encrypted.
* Optionally, the built-in extensions can detect which fields are encrypted and display a message to the user informing them that the value is present but hidden.

I haven't thought through this solution 100% yet, but it's a start.
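
A sketch of the flow proposed in the description, added here as an example; it is not Pulp code and not part of the original report. The `sensitive_keys` attribute, the `_encrypted` wrapper and all function names are hypothetical, and `cipher` is assumed to be any object with `encrypt(bytes)` and `decrypt(bytes)` methods, such as a Fernet instance from the third-party `cryptography` package.

```python
import base64
import copy
import json

# Hypothetical plugin metadata: "sensitive_keys" is the proposed new attribute.
IMPORTER_METADATA = {"id": "example_importer", "sensitive_keys": ["password"]}
# Constructed sample importer configuration.
SAMPLE_CONFIG = {"feed": "https://feed.example.com/", "username": "sync", "password": "s3cret"}

MARK = "_encrypted"  # wrapper key marking a value that is encrypted at rest


def seal_config(config, metadata, cipher):
    """Copy of config for the database, with sensitive values encrypted."""
    stored = copy.deepcopy(config)
    for key in metadata.get("sensitive_keys", []):
        if stored.get(key) is None:
            continue  # unset values stay unset; there is nothing to protect
        token = cipher.encrypt(json.dumps(stored[key]).encode("utf-8"))
        stored[key] = {MARK: base64.b64encode(token).decode("ascii")}
    return stored


def _is_sealed(value):
    return isinstance(value, dict) and set(value) == {MARK}


def open_config(stored, cipher):
    """Plaintext view, built only when handing the config to the plugin."""
    opened = copy.deepcopy(stored)
    for key, value in stored.items():
        if _is_sealed(value):
            token = base64.b64decode(value[MARK])
            opened[key] = json.loads(cipher.decrypt(token).decode("utf-8"))
    return opened


def display_config(stored):
    """View for listings: sealed fields are reported as present but hidden."""
    return {k: "<hidden: value is set>" if _is_sealed(v) else v
            for k, v in stored.items()}


if __name__ == "__main__":
    from cryptography.fernet import Fernet  # third-party, assumed installed
    fernet = Fernet(Fernet.generate_key())  # key storage is out of scope here
    stored = seal_config(SAMPLE_CONFIG, IMPORTER_METADATA, fernet)
    print(display_config(stored))
    print(open_config(stored, fernet) == SAMPLE_CONFIG)
```

Only `open_config` needs the key, so code that lists repositories can work from the stored form alone and never holds the plaintext.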
