Project

Profile

Help

Issue #9200

Task #8732: [EPIC] As a user, I can rest easy with all sensitive credentials in the database encrypted at rest

pulp_installer creates the db encryption key after the db is migrated

Added by daviddavis about 2 months ago. Updated 27 days ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
Installer
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Background here: https://github.com/pulp/pulpcore/pull/1301#discussion_r680329425

pulp_installer currently creates the db key when setting up the pulp-api service:

https://github.com/pulp/pulp_installer/blob/cd93e99687684056412ae75807a5185af59cede9/roles/pulp_api/tasks/main.yml#L76-L78

It needs to happen before we migrate though.

Associated revisions

Revision 646ae53d View on GitHub
Added by Fabricio Aguiar about 1 month ago

Generate DB fields encryption key before migrations

closes #9200

Revision 646ae53d View on GitHub
Added by Fabricio Aguiar about 1 month ago

Generate DB fields encryption key before migrations

closes #9200

History

#1 Updated by mdepaulo@redhat.com about 2 months ago

  • Assignee set to fao89

#2 Updated by mdepaulo@redhat.com about 2 months ago

  • Triaged changed from No to Yes

#3 Updated by pulpbot about 2 months ago

  • Status changed from NEW to POST

#4 Updated by Anonymous about 1 month ago

  • Status changed from POST to MODIFIED

#5 Updated by daviddavis about 1 month ago

  • Parent task changed from #8192 to #8732

#6 Updated by pulpbot 27 days ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF