Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Store sensitive data in a secret store, not Porter's database #1027

Closed
carolynvs opened this issue May 5, 2020 · 7 comments
Closed

Store sensitive data in a secret store, not Porter's database #1027

carolynvs opened this issue May 5, 2020 · 7 comments
Assignees
@VinozzZ
Labels
1 - 🍫 Eat chocolate _after_ emergency donuts cnab Related to the CNAB spec security 🔒 Security issues, bugs and features
Projects
Porter and Mixins
Milestone
1.0

Comments

@carolynvs
Copy link
Member

carolynvs commented May 5, 2020
edited
Loading

Claims store sensitive data (parameters) and should not be stored in the database. We should come up with a way to store sensitive data from claims and other tables in the user's secret store, then when we retrieve the data, look up the sensitive values if needed to get a full document.

For some calls, maybe we don't need the data, we are just listing claims, but others like retrieving outputs and showing the values, will need to get the real values from the secret store.
@carolynvs carolynvs added 1 - 🍫 Eat chocolate _after_ emergency donuts cnab Related to the CNAB spec labels May 5, 2020
@carolynvs carolynvs self-assigned this May 5, 2020
@carolynvs carolynvs moved this from Inbox to In Progress in Porter and Mixins [OLD] May 11, 2020
@vdice vdice mentioned this issue May 19, 2020
Closed
@carolynvs carolynvs added this to the Claims milestone Jun 4, 2020
@carolynvs carolynvs moved this from In Progress to Inbox in Porter and Mixins [OLD] Aug 26, 2020
@vdice vdice removed this from Inbox in Porter and Mixins [OLD] Sep 16, 2020
@carolynvs carolynvs modified the milestones: Claims, 1.0 May 10, 2021
@carolynvs carolynvs added the security 🔒 Security issues, bugs and features label Nov 18, 2021
@carolynvs carolynvs removed their assignment Feb 1, 2022
@VinozzZ VinozzZ added this to Backlog in Porter and Mixins Feb 24, 2022
@VinozzZ VinozzZ self-assigned this Feb 28, 2022
@carolynvs carolynvs moved this from Backlog to In Progress in Porter and Mixins Feb 28, 2022
@carolynvs carolynvs changed the title Encrypt claim data at rest Store sensitive data in a secret store, not Porter's database Mar 4, 2022
@carolynvs carolynvs mentioned this issue Mar 11, 2022
Closed
@VinozzZ
Copy link
Contributor

VinozzZ commented Mar 14, 2022

The current plan is to allow users to specify a destination for porter output through the same secrete plugin they use for resolving secrete values that needed to run bundle.
It would look something like this
`
default-secrets = "mysecrets"

[[secrets]]
name = "mysecrets"
plugin = "azure.keyvault"

[secrets.config]
input-vault = "myinputvault"
output-vault = "myoutputvault"
`

After checking the limitations on Azure key vault and Hashicorp vault, it looks like the upper limit for number of keys stored in a vault is only affected by the underlying storage space. However, Hashicorp does have a per object size limit. Therefore, I plan to store each installation output separately using installation id or run id.

@carolynvs
Copy link
Member Author

This sounds like a good plan, looking forward to your PR! 🚀

@carolynvs carolynvs mentioned this issue Apr 5, 2022
Closed
@VinozzZ VinozzZ mentioned this issue Apr 8, 2022
Closed
@VinozzZ VinozzZ mentioned this issue Apr 18, 2022
Merged
4 tasks
@carolynvs
Copy link
Member Author

Here's a list of additional content we need to properly document this feature (and yeah it's backfilling missing content we have always been missing!) It doesn't have to all be done in a single PR and we can work on some of this together.

  • Task document under Tasks -> End Users -> Create a Porter Config File. It should explain how to create a config file, what the defaults are (e.g. the host plugin for secrets, and the mongodb-docker plugin for storage). It should then explain how to configure the filesystem plugin for secrets, and point out which plugins are suitable for production for both storage and secrets.
  • Quickstart document under Get Started -> QuickStarts -> Configuration. It should explain the default plugins, how to configure porter for trying it out, link to the production plugins. Link to the Config file doc page in the Next Steps.
  • Blog post announcing how we store secrets in v1 and walking them through how to configure both the filesytem plugin, and link to the docs for how to configure a production plugin.
  • Update the configuration page with the new defaults and a link to configure secrets and storage plugins.

@VinozzZ
Copy link
Contributor

VinozzZ commented Apr 26, 2022

I will start work on the Quickstart document

This was referenced Apr 26, 2022
Merged
Merged
@VinozzZ
Copy link
Contributor

VinozzZ commented Apr 29, 2022

Started on the Task document

@VinozzZ
Copy link
Contributor

VinozzZ commented May 5, 2022

After looking at the example output from azure keyvault, we probably should add an dash in the secret key to make it more friendly to users to see

@VinozzZ VinozzZ mentioned this issue May 13, 2022
Merged
4 tasks
@carolynvs carolynvs mentioned this issue May 18, 2022
Merged
4 tasks
@VinozzZ VinozzZ mentioned this issue May 25, 2022
Merged
4 tasks
@carolynvs
Copy link
Member Author

Is this okay to close?

Porter and Mixins automation moved this from In Progress to Done May 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@VinozzZ VinozzZ

Labels
1 - 🍫 Eat chocolate _after_ emergency donuts cnab Related to the CNAB spec security 🔒 Security issues, bugs and features
Projects
Porter and Mixins
  
Done
Milestone
1.0
Development

No branches or pull requests
2 participants
@carolynvs @VinozzZ