encrypt passwords and keys #1508

abarz722 · 2022-01-28T16:33:34Z

goal: database must not contain any cleartext passwords (currently mainly fw management api passwords for importing)

put the encryption key (mainkey) into file in etc/secrets
to keep it idempotent, upgrade script must first check if a key is already encrypted by trying to decrypt
all reads to passwords (both in importer and C# parts) must read the mainkey and decrypt the passwords with it, then resume as before
all pwd writes must add salt and enrypt before writing passwords/keys
encrypt ldap_connections.ldap_search_user_pwd
decrypt pwd in importer
decrypt pwd in autodiscovery (mw)

tpurschke · 2024-03-08T07:34:20Z

needed for compliance reasons

abarz722 added the enhancement New feature or request label Jan 28, 2022

abarz722 added this to the phase 2 - 2022 milestone Jan 28, 2022

abarz722 mentioned this issue Jan 28, 2022

UI settings - separate password and ssh key secrets #1301

Closed

tpurschke self-assigned this Mar 8, 2024

tpurschke modified the milestones: feature backlog, next features Mar 8, 2024

tpurschke mentioned this issue Apr 2, 2024

Develop various small improvements #2368

Merged

tpurschke closed this as completed Apr 7, 2024

github-project-automation bot added this to FWO RBA & Authentication Aug 28, 2024

github-project-automation bot moved this to Done in FWO RBA & Authentication Aug 28, 2024

Provide feedback