•  
     
    story #10606 encrypt bugzilla credentials (API key) before storing in the DB
Summary
Empty
encrypt bugzilla credentials (API key) before storing in the DB

I don't leak credentials in the DB (backups & co)

Functional concerns

As site admin, in bugzilla reference plugin administration:

  • A warning is displayed on references whose api key in store in cleartext

Then, at reference creation or update, when updating the API key,

  • If not already present, generate a random secret in a file in etc/tuleap/conf/encryption_secret.key (owned by codendiadm 00400)
  • Use this secret to encrypt the API key and store the encrypted stuff in DB
  • The encrypted API key is stored in a new column and the cleartext version is nulled

When the reference is used

  • Use the secret to decrypt the API key before usage

Note: make the mecanism generic for other credentials later on

Technical concerns

Leverage on sodium_compat the official polyfill of libsodium that is the recommended/trusted way to do encryption in PHP starting 7.2

Our wrapper must ensure that the secret will not leak:

  • On object clone
  • In stack traces
  • In serialization attempts
Empty
Nouha Terzi (terzino)
Status
Done
Development
Empty
Empty
Details
#10606
Manuel Vacelet (vaceletm)
2017-10-04 13:32
2017-08-29 11:08
9861

References

Follow-ups

  • User avatar
    • Status changed from On going to Done
  • User avatar
    gerrit #9620 integrated into Tuleap 9.12.99.86
  • User avatar
    gerrit #9623 integrated into Tuleap 9.12.99.85
  • User avatar

    gerrit #9600 integrated into Tuleap 9.12.99.76

  • User avatar
    last edited by: Manuel Vacelet (vaceletm) 1 year ago

    gerrit #9588 integrated in Tuleap 9.12.99.74

  • User avatar
    gerrit #9581 integrated into Tuleap 9.12.99.52
  • User avatar
    gerrit #9578 integrated into Tuleap 9.12.99.46
  • User avatar
    Updating the key path to acknowledge the fact we might end up with different kind of keys in the future. It is easier to make it explicit since the beginning than to change it latter.

    • Acceptance criteria
  • User avatar
    • Status changed from To be done to On going
  • User avatar

    Hello Nouha,

    Thanks to the polyfill, the solution based on libsodium doesn't require upgrade to php 5.6.

  • User avatar
    Hello Manuel,

    As far as I remember, you told us that this feature will require the use of php-5.6, is still the case? are we constrained to do the upgrade before having this feature?


    regards,
    Nouha
  • User avatar
    • Acceptance criteria
  • User avatar
    • CC list set to Nouha Terzi (terzino)
  • User avatar
    • So that
    • Acceptance criteria
    • Permissions set to