Skip to content

SECURITY

github-actions[bot] edited this page Jul 4, 2026 · 5 revisions

⚠️ Auto-generated from the repository — do not edit here. Source: https://github.com/luisgf/infrabroker/tree/main/docs

Security Policy

Supported versions

infrabroker follows X.Y.Z versioning (see CONTRIBUTING.md). Only the latest 1.x release on main receives security fixes.

Version Supported
latest 1.x (main)
older 1.x tags ❌ (upgrade to latest)

Reporting a vulnerability

Do not open a public issue for security reports.

Report privately via one of:

  • GitHub Security Advisories — "Report a vulnerability" on the repository's Security tab (preferred; keeps the report and fix coordinated).
  • Emailluisgf@luisgf.es with subject [infrabroker security].

Please include:

  • affected component (signer, control-plane, a broker frontend, broker-ctl) and version/commit;
  • a description of the issue and its impact (which trust boundary it crosses);
  • reproduction steps or a proof of concept, if available;
  • any suggested remediation.

You can expect an acknowledgement within a few days and a coordinated timeline for a fix and disclosure. Please allow a reasonable window before any public disclosure.

Scope

infrabroker's security goals and explicit non-goals are documented in THREAT_MODEL.md. Reports about the following are known/by design rather than vulnerabilities (but context is still welcome):

  • absence of host-enforced force-command containment for sessions; mode=exec is broker-preflighted, but one-shot remains the strongest guarantee — gap #1;
  • behavior guardrails being detection rather than containment — gap #2;
  • absence of certificate revocation (KRL) — gap #3;
  • callers being default-open for unlisted CNs — gap #6;
  • use of a PEM CA key in production (use AKV/HSM/KMS instead) — gap #7.

In-scope and high-value: anything that lets a compromised broker or compromised agent exceed the operator's policy, mint or widen a certificate, bypass the approval gate, forge an identity assertion the signer trusts, or tamper with the audit chain undetected.

Handling of secrets

  • The pki/ directory holds private keys and must never be committed (it is git-ignored). Treat any accidental commit as a key-rotation event.
  • Audit seeds (pki/*.seed) must not be rotated casually — doing so breaks the hash/signature chain of existing logs.

Redaction is best-effort

The optional redact config block (broker, signer, control plane) masks secrets embedded in commands before they reach a persistent or outbound sink: the audit log's free-text fields (command, err, warning, anomaly), session recordings (.cast), and the approval notification payload (log/webhook/Teams). A matched secret is replaced by [REDACTED:<rule>]; masking happens before the audit entry is signed, so broker-ctl audit verify is unaffected — and the original text is irrecoverable by design.

Know its limits before relying on it:

  • Regex matching is not DLP. The built-in rules cover common shapes (password/token flags, mysql -p<pass>, VAR=secret assignments, URI user:pass@, Authorization headers, JWTs, AWS/GitHub/GitLab/Slack tokens, private-key blocks). A secret in an unanticipated format survives. Extend coverage with operator patterns (RE2; a (?P<secret>...) group masks only the secret and keeps the rest of the match as forensic context).
  • Recording output is chunked. Session input is recorded one full command line per event, where patterns match reliably; output arrives in arbitrary chunks, so a secret split across two events can escape a pattern.
  • The decision path is never redacted, by design. The signer authorizes, and the certificate force-command enforces, the original command; the mTLS approval UI (/ui/approvals) and GET /v1/approvals show the approver the original command so the human decides on real information. sshd's own logs on the target host are outside the broker's control.
  • False positives cost forensics. The [REDACTED:<rule>] marker names the rule that fired; if a default rule masks something you need, disable the defaults (disable_defaults) and supply your own patterns.

The first line of defence remains unchanged: prefer credential-free invocations (env files on the host, ~/.pgpass, secret managers) over inline secrets.

Clone this wiki locally