Project

Profile

Help

Issue #9200

closed

Task #8732: [EPIC] As a user, I can rest easy with all sensitive credentials in the database encrypted at rest

pulp_installer creates the db encryption key after the db is migrated

Added by daviddavis over 3 years ago. Updated over 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Background here: https://github.com/pulp/pulpcore/pull/1301#discussion_r680329425

pulp_installer currently creates the db key when setting up the pulp-api service:

https://github.com/pulp/pulp_installer/blob/cd93e99687684056412ae75807a5185af59cede9/roles/pulp_api/tasks/main.yml#L76-L78

It needs to happen before we migrate though.

Actions #1

Updated by mdepaulo@redhat.com over 3 years ago

  • Assignee set to fao89
Actions #2

Updated by mdepaulo@redhat.com over 3 years ago

  • Triaged changed from No to Yes
Actions #3

Updated by pulpbot over 3 years ago

  • Status changed from NEW to POST

Added by Fabricio Aguiar over 3 years ago

Revision 646ae53d | View on GitHub

Generate DB fields encryption key before migrations

closes #9200

Added by Fabricio Aguiar over 3 years ago

Revision 646ae53d | View on GitHub

Generate DB fields encryption key before migrations

closes #9200

Actions #4

Updated by Anonymous over 3 years ago

  • Status changed from POST to MODIFIED
Actions #5

Updated by daviddavis over 3 years ago

  • Parent issue changed from #8192 to #8732
Actions #6

Updated by pulpbot over 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF