Remove admin_secret from riak-cs.conf and stanchion.conf [JIRA: RCS-307]

[kuenishi]

No description provided.

[shino]

Maybe, stanchion too.

[kuenishi]

Working branches:

• 2.1...ku/remove-admin-secret
• basho/stanchion@2.1...ku/remove-admin-secret

[kuenishi]

Pull requests (now running RT):

• Remove admin.secret from configuration #1279
• Remove admin.secret from configuration stanchion#108

[shino]

Memo: doc change needed.

[kuenishi]

Change summary:

Riak CS and Stanchion both used riak-cs.conf or stanchion.conf to tell the system who was the administrator, with admin.key and admin.secret. Writing down admin.secret in non-encrypted form may risk the whole system of the secret being stolen. Administrator is able to (1) list all users, (2) disable/enable other users, (3) changing user accounts. Workaround for this is probably encrypting the partition that includes /etc/riak-cs directory.

These changes will enable Riak CS and Stanchion start up without admin.secret specified in configuration files, while admin.key is still needed. Even if admin.secret is written in those files, Riak CS and Stanchion ignores them. Initial procedure to create the very first account starting anonymous_user_creation = true does not change, though.

[shino]

Another related PR: basho/riak_cs_multibag#33

[TJC]

hey guys -- could you update http://docs.basho.com/riak/cs/2.1.1/cookbooks/configuration/riak-cs/ to reflect the current correct and best practices in regard to the admin secret? I'm confused.

[ParthKolekar]

Plus one. Do we need to put the admin secrets in the file or not?