request #44862 Protect DB encryption key against accidental changes

Infos

Artifact ID#44862

Submitted byThomas Gerbet (tgerbet)

Last Modified On2025-09-22 16:27

Submitted on2025-09-22 16:27

Rank46577

Details

Summary *

Protect DB encryption key against accidental changes

Original Submission

Tuleap stores a symmetric encryption key on disk. This key encrypts sensitive data before it is stored in the database, protecting it from unauthorized access by database administrators.

Administrators should not manually modify this key, as it has strict requirements regarding size and format. Any changes to the key would also require re-encrypting all existing encrypted data.

To ensure the integrity of this key Tuleap should:

Prevent direct editing: The key is stored in a format and location that discourages manual modification.
Detect missing key: a key should be detected as missing when one already been loaded/initialized.

To achieve that:

The key will now be stored under /var/lib/tuleap, as it is not configuration data and should be backed up alongside other Tuleap data.
The key will be stored using gzip encoding (RFC 1952) without compression, making it less likely that administrators will attempt to edit it (binary file with a checksum...).
Key generation is blocked if another key has already been loaded. The system compares the timestamp of the gzip file (MTIME entry) against a value stored in the database during initial key generation.

CategoryOther

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusVerified

Close dateEmpty

Attachments

AttachmentsEmpty

References

Cross references

Referencing request #44862

Git commit

tuleap/tuleap/stable

refacto: Merge SecretKeyFile behavior into KeyFactory 5c340e0ff5

Thomas Gerbet (tgerbet) , 2025-10-13 12:08

Public

Referencing request #44862

Git commit

tuleap/tuleap/stable

Follow-ups