Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypt migration credentials at rest (#15895) #16187

Merged
merged 1 commit into from
Jun 17, 2021
Merged

Encrypt migration credentials at rest (#15895) #16187

merged 1 commit into from
Jun 17, 2021

Conversation

zeripath
Copy link
Contributor

Backport #15895

Storing these credentials is a liability.

  • Encrypt credentials with SECRET_KEY before persisting to task queue table (they need to be persisted due to the nature of the task queue)
    • security in depth: helps when attacker has access to DB only, but not app.ini
  • Delete all credentials (even encrypted) from the task table, once the migration is done, for safety
    • security in depth: minimizes leaked data if attacker gains access to snapshot of both DB and app.ini

A Doctor task needs to be created to delete finished tasks and encrypt
current tasks.

@zeripath
Encrypt migration credentials at rest (go-gitea#15895)
fc601b1 
Backport go-gitea#15895

Storing these credentials is a liability.

* Encrypt credentials with SECRET_KEY before persisting to task queue table (they need to be persisted due to the nature of the task queue)
  - security in depth: helps when attacker has access to DB only, but not app.ini
* Delete all credentials (even encrypted) from the task table, once the migration is done, for safety
  - security in depth: minimizes leaked data if attacker gains access to snapshot of both DB and app.ini

A Doctor task needs to be created to delete finished tasks and encrypt
current tasks.
@zeripath zeripath added topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! topic/repo-migration Migrate repos from other platforms to Gitea, or from Gitea to them labels Jun 17, 2021
@zeripath zeripath added this to the 1.14.3 milestone Jun 17, 2021
@zeripath
Copy link
Contributor Author

@noerw sorry for sending this backport - I think you'd forgotten about it.

I've changed a few things to make it safe for 1.14.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jun 17, 2021
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jun 17, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jun 17, 2021
@6543 6543 merged commit 544ef7d into go-gitea:release/v1.14 Jun 17, 2021
@zeripath zeripath deleted the backport-15895-v1.14 branch June 18, 2021 05:33
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@KN4CK3R KN4CK3R KN4CK3R approved these changes

@6543 6543 6543 approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/repo-migration Migrate repos from other platforms to Gitea, or from Gitea to them topic/security Something leaks user information or is otherwise vulnerable. Should be fixed!
Projects
None yet
Milestone
1.14.3
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@zeripath @KN4CK3R @6543 @GiteaBot