Project

Profile

Help

Story #8192

As a user, I can rest easy with all sensitive credentials in the database encrypted at rest

Added by bmbouter 2 months ago. Updated 27 days ago.

Status:
NEW
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
GalaxyNG
Sprint:
Quarter:

Description

Motivation

Pulp stores sensitive credentials, e.g. password for Basic Auth, proxy password, or client key for client certificate based authentication in the database in plaintext. The authentication and authorization mechanisms of Pulp keep these safe, but if the database itself was compromised, or dumped, those secrets would be readable to anyone with a copy.

Proposal

Encrypt these credentials when they live in the database and decrypt them when they are used. This encryption would use symmetric encryption with a key stored on the filesystem that is generated at install time. A good option would be Fernet symmetric key encryption from the cryptography library.

Related to Story on Removing Secrets from API Response

The scope of the fields that are encrypted should be the same as those that are no longer returned in the API due to sensitivity. See Story 8202 for the list of fields.

Installation Details

The private key will need to be generated at install time. We need to determine where to keep these by default securely. They need to be readable by code without a human involved.


Related issues

Blocked by Pulp - Task #8202: Make sensitive fields write_only and stop filtering on themCLOSED - CURRENTRELEASE

<a title="Actions" class="icon-only icon-actions js-contextmenu" href="#">Actions</a>

History

#1 Updated by bmbouter 2 months ago

  • Sprint/Milestone set to 3.12.0

#2 Updated by bmbouter 2 months ago

  • Description updated (diff)

#3 Updated by bmbouter 2 months ago

  • Blocked by Task #8202: Make sensitive fields write_only and stop filtering on them added

#4 Updated by bmbouter about 2 months ago

  • Tags Katello added

#5 Updated by bmbouter about 2 months ago

  • Tags GalaxyNG added
  • Tags deleted (Katello)

#6 Updated by mdellweg 27 days ago

  • Sprint/Milestone changed from 3.12.0 to 3.13.0

Please register to edit this issue

Also available in: Atom PDF