Task #8704

Story #8192: [EPIC] As a user, I can rest easy with all sensitive credentials in the database encrypted at rest

Installer: create a key for pulp to use when encrypting sensitive db fields

Added by daviddavis about 1 month ago. Updated 2 days ago.

Status: MODIFIED
Priority: Normal
Category: Installer
Sprint/Milestone:
Start date:
Due date:
% Done: 100%
Estimated time:
Platform Release:
Groomed: No
Sprint Candidate: No
Tags:
Sprint: Sprint 98
Quarter:

Description

#8192 encrypts fields in our database using a private key. We need to have the installer generate this key. Pulp will read in this key and use it to encrypt/decrypt sensitive fields in our database.

From #8192:

The private key will need to be generated at install time. We need to determine where to keep these by default securely. They need to be readable by code without a human involved.

Associated revisions

Revision f196208b
Added by Mike DePaulo 10 days ago

Create or import a key for pulp-api to use when encrypting sensitive db fields.

Introduces new variables pulp_db_fields_key & pulp_db_fields_key_remote.

fixes: #8704 Create a key for pulp to use when encrypting sensitive db fields https://pulp.plan.io/issues/8704

Revision 9a7291f9
Added by daviddavis 6 days ago

Use openssl to generate db key

ref #8704

History

#1 Updated by daviddavis about 1 month ago

  • Blocks Story #8192: [EPIC] As a user, I can rest easy with all sensitive credentials in the database encrypted at rest added

#2 Updated by daviddavis about 1 month ago

Here's how to generate the key:

dd if=/dev/urandom bs=32 count=1 2>/dev/null | openssl base64
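
The following shell functions are an added example, not taken from the issue or from the Pulp installer. They wrap the generation command above so that the key file is written owner-only, an existing key is never overwritten, and the file is checked to decode to 32 bytes; the function names and the key path passed in are assumptions.

```shell
#!/bin/sh
# Added example, not the installer's code. The key path is the caller's choice.

# Base64 helpers: openssl as in the issue, coreutils base64 as a fallback.
b64enc() { if command -v openssl >/dev/null 2>&1; then openssl base64; else base64; fi; }
b64dec() { if command -v openssl >/dev/null 2>&1; then openssl base64 -d; else base64 -d; fi; }

# check_db_key FILE: succeed only if FILE is a regular file (not a symlink),
# has no group/other permission bits, and decodes to exactly 32 bytes.
check_db_key() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "db key: $f is not a regular file" >&2; return 1
    fi
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "db key: $f is accessible to group or others" >&2; return 1
    fi
    n=$(b64dec < "$f" | wc -c | tr -d ' ')
    if [ "$n" -ne 32 ]; then
        echo "db key: $f decodes to $n bytes, expected 32" >&2; return 1
    fi
}

# create_db_key FILE: generate the key once. An existing key is validated and
# kept, because replacing it would leave already-encrypted fields undecryptable.
create_db_key() {
    key_file=$1
    if [ -e "$key_file" ] || [ -L "$key_file" ]; then
        check_db_key "$key_file"; return
    fi
    (
        umask 077
        tmp=$(mktemp "$key_file.XXXXXX") || exit 1
        trap 'rm -f "$tmp"' EXIT
        # Same generation command as in the issue: 32 random bytes, base64.
        dd if=/dev/urandom bs=32 count=1 2>/dev/null | b64enc > "$tmp"
        check_db_key "$tmp" || exit 1
        # ln fails if key_file appeared meanwhile, so a concurrent run cannot clobber it.
        ln "$tmp" "$key_file"
    )
}
```

Running `create_db_key` a second time against the same path leaves the key unchanged, which is what an installer re-run needs.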

#3 Updated by mdepaulo@redhat.com about 1 month ago

  • Assignee set to mdepaulo@redhat.com

#4 Updated by daviddavis about 1 month ago

  • Blocks deleted (Story #8192: [EPIC] As a user, I can rest easy with all sensitive credentials in the database encrypted at rest)

#5 Updated by daviddavis about 1 month ago

  • Parent task set to #8192

#6 Updated by mdepaulo@redhat.com about 1 month ago

Needs to be done by the end of sprint 97. (per daviddavis)

#7 Updated by rchan about 1 month ago

  • Sprint changed from Sprint 96 to Sprint 97

#8 Updated by daviddavis 24 days ago

  • Status changed from NEW to ASSIGNED

#9 Updated by rchan 15 days ago

  • Sprint changed from Sprint 97 to Sprint 98

#10 Updated by pulpbot 10 days ago

  • Status changed from ASSIGNED to POST

#11 Updated by daviddavis 9 days ago

  • Subject changed from Create a key for pulp to use when encrypting sensitive db fields to Installer: create a key for pulp to use when encrypting sensitive db fields

#12 Updated by Anonymous 7 days ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#14 Updated by bmbouter 2 days ago

  • Sprint/Milestone set to 3.14.0
