Migrate secret keys from GPG to database-backed storage #6972
Status
Ready for review
Description of Changes
For the final part of the GPG->Sequoia migration, we export sources' secret keys out of GPG and into database-backed storage for use with Sequoia/redwood functions. Because we don't have access to a source's GPG passphrase, we can only do this migration when they log in.
If everything has been successfully migrated, then we delete the GPG key out of the keyring as well.
Tests have been added that cover the pre-existing keypair generation code and the new secret key migration.
Fixes #6802.
Testing
(make dev) and open a shell into the container, e.g. podman exec --user=root -it $(podman ps --filter name=securedrop --format '{{.ID}}') bash
alembic stamp 811334d7105f (ID of the migration before public key one added in Migrate public keys from GPG to database-backed storage #6946)
./loaddata.py --gpg to add some GPG sources
alembic upgrade head, completes successfully. Then run a query like
select filesystem_id, pgp_fingerprint, pgp_public_key, pgp_secret_key from sources;
to verify we now have sources that have fingerprint + public key in the database, but not secret key
Deployment
Any special considerations for deployment? Not really.
Checklist
(make lint) and tests (make test) pass in the development container
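
The migrate-on-login flow from the Description of Changes, sketched as an added example that is not SecureDrop's own code: LegacyKeyring, SourceRow and migrate_on_login are hypothetical names, the keyring is an in-memory stand-in for GPG, and reading "everything has been successfully migrated" as "fingerprint, public key and secret key are all stored" is an assumption. It shows the ordering that keeps a failed or partial migration recoverable: store the exported key first, delete the GPG copy last.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class LegacyKeyring:
    """Hypothetical stand-in for the GPG keyring (constructed for this example)."""

    def __init__(self) -> None:
        self._keys: Dict[str, Tuple[str, str]] = {}  # fingerprint -> (passphrase, secret key)

    def add(self, fingerprint: str, passphrase: str, secret_key: str) -> None:
        self._keys[fingerprint] = (passphrase, secret_key)

    def has(self, fingerprint: str) -> bool:
        return fingerprint in self._keys

    def export_secret(self, fingerprint: str, passphrase: str) -> Optional[str]:
        # Like GPG, refuse to export without the source's passphrase.
        entry = self._keys.get(fingerprint)
        if entry is None or not hmac.compare_digest(entry[0].encode(), passphrase.encode()):
            return None
        return entry[1]

    def delete(self, fingerprint: str) -> None:
        self._keys.pop(fingerprint, None)


@dataclass
class SourceRow:
    # Column names follow the verification query in the PR description.
    filesystem_id: str
    pgp_fingerprint: Optional[str] = None
    pgp_public_key: Optional[str] = None
    pgp_secret_key: Optional[str] = None


def migrate_on_login(row: SourceRow, keyring: LegacyKeyring, passphrase: str) -> str:
    """Run at login, the only time the source's passphrase is available."""
    status = "already-migrated"
    if row.pgp_secret_key is None:
        secret = keyring.export_secret(row.pgp_fingerprint or "", passphrase)
        if secret is None:
            return "skipped"  # nothing was stored, so the GPG copy must stay
        row.pgp_secret_key = secret  # store first, delete afterwards
        status = "migrated"
    # Assumption: delete from GPG only once all three columns are populated.
    if row.pgp_fingerprint and row.pgp_public_key and row.pgp_secret_key:
        keyring.delete(row.pgp_fingerprint)
    return status
```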