Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

  •  
     
    story #10606 encrypt bugzilla credentials (API key) before storing in the DB
Actions
Summary
Empty
encrypt bugzilla credentials (API key) before storing in the DB

I don't leak credentials in the DB (backups & co)

Functional concerns

As site admin, in bugzilla reference plugin administration:

  • A warning is displayed on references whose api key in store in cleartext

Then, at reference creation or update, when updating the API key,

  • If not already present, generate a random secret in a file in etc/tuleap/conf/encryption_secret.key (owned by codendiadm 00400)
  • Use this secret to encrypt the API key and store the encrypted stuff in DB
  • The encrypted API key is stored in a new column and the cleartext version is nulled

When the reference is used

  • Use the secret to decrypt the API key before usage

Note: make the mecanism generic for other credentials later on

Technical concerns

Leverage on sodium_compat the official polyfill of libsodium that is the recommended/trusted way to do encryption in PHP starting 7.2

Our wrapper must ensure that the secret will not leak:

  • On object clone
  • In stack traces
  • In serialization attempts
Empty
Nouha Terzi (terzino)
Status
Empty
Done
Development
  • [ ] Does it involves User Interface? 
  • [ ] Are there any mockups?
  • [ ] Are permissions checked?
  • [ ] Does it need Javascript development?
  • [ ] Does it need a forge upgrade bucket?
  • [ ] Does it need to execute things in system events?
  • [ ] Does it impact project creation (templates)?
  • [ ] Is it exploratory?
Empty
Details
#10606
Manuel Vacelet (vaceletm)
2017-10-04 13:32
2017-08-29 11:08
10742

References
Artifact links
Empty
Referencing story #10606

Artifact Tracker v5

epic #10239 Tuleap - Bugzilla integration
rel #10584 9.13

Git commit

tuleap/tuleap/stable

Retrieve the encryption key that is going to be needed to read a Bugzilla API key f6a008fcb7
User avatar Thomas Gerbet (tgerbet) , 2017-09-27 09:52
Store Bugzilla credentials encrypted 89b64a3ad3
User avatar Thomas Gerbet (tgerbet) , 2017-09-27 17:44
Encrypted Bugzilla API keys can be used 894843617d
User avatar Thomas Gerbet (tgerbet) , 2017-10-02 16:47
Harden the Tuleap cryptography API ed8f6bc3ed
User avatar Thomas Gerbet (tgerbet) , 2017-10-03 13:05
Add a warning for Bugzilla references whose API key has been stored in cleartext a1d032b116
User avatar Thomas Gerbet (tgerbet) , 2017-10-03 15:31
Update to paragonie/sodium_compat 1.3.1 2009ca05c1
User avatar Thomas Gerbet (tgerbet) , 2017-10-03 13:14
Display settings

Follow-ups

User avatar
Thomas Gerbet (tgerbet)2017-09-27 11:03
Updating the key path to acknowledge the fact we might end up with different kind of keys in the future. It is easier to make it explicit since the beginning than to change it latter.
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
User avatar
Manuel Vacelet (vaceletm)2017-09-11 14:53

Hello Nouha,

Thanks to the polyfill, the solution based on libsodium doesn't require upgrade to php 5.6.

User avatar
Nouha Terzi (terzino)2017-09-11 12:57
Hello Manuel,

As far as I remember, you told us that this feature will require the use of php-5.6, is still the case? are we constrained to do the upgrade before having this feature?


regards,
Nouha
User avatar
Manuel Vacelet (vaceletm)2017-08-30 13:44
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
User avatar
Manuel Vacelet (vaceletm)2017-08-29 11:16
  • So that
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
  • Permissions set to