•  
     
    story #10606 encrypt bugzilla credentials (API key) before storing in the DB
Summary
Empty
encrypt bugzilla credentials (API key) before storing in the DB

I don't leak credentials in the DB (backups & co)

Functional concerns

As site admin, in bugzilla reference plugin administration:

  • A warning is displayed on references whose api key in store in cleartext

Then, at reference creation or update, when updating the API key,

  • If not already present, generate a random secret in a file in etc/tuleap/conf/encryption_secret.key (owned by codendiadm 00400)
  • Use this secret to encrypt the API key and store the encrypted stuff in DB
  • The encrypted API key is stored in a new column and the cleartext version is nulled

When the reference is used

  • Use the secret to decrypt the API key before usage

Note: make the mecanism generic for other credentials later on

Technical concerns

Leverage on sodium_compat the official polyfill of libsodium that is the recommended/trusted way to do encryption in PHP starting 7.2

Our wrapper must ensure that the secret will not leak:

  • On object clone
  • In stack traces
  • In serialization attempts
Empty
Nouha Terzi (terzino)
Status
Empty
Done
Development
  • [ ] Does it involves User Interface? 
  • [ ] Are there any mockups?
  • [ ] Are permissions checked?
  • [ ] Does it need Javascript development?
  • [ ] Does it need a forge upgrade bucket?
  • [ ] Does it need to execute things in system events?
  • [ ] Does it impact project creation (templates)?
  • [ ] Is it exploratory?
Empty
Details
#10606
Manuel Vacelet (vaceletm)
2017-10-04 13:32
2017-08-29 11:08
10742

References

Follow-ups

User avatar
Thomas Gerbet (tgerbet)2017-09-27 11:03
Updating the key path to acknowledge the fact we might end up with different kind of keys in the future. It is easier to make it explicit since the beginning than to change it latter.

  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
User avatar

Hello Nouha,

Thanks to the polyfill, the solution based on libsodium doesn't require upgrade to php 5.6.

User avatar
Nouha Terzi (terzino)2017-09-11 12:57
Hello Manuel,

As far as I remember, you told us that this feature will require the use of php-5.6, is still the case? are we constrained to do the upgrade before having this feature?


regards,
Nouha
User avatar
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
User avatar
  • So that
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
  • Permissions set to