Encrypt complete job configuration in PDS #3264
Comments
de-jcup changed the title from "Encrypt SecHub configuraiton in PDS" to "Encrypt SecHub configuration in PDS" on Jul 2, 2024
At the first glimpse: We store only the PDSJobConfiguration... Means this contains sensitive data as well and must be encrypted as well!
de-jcup added a commit that referenced this issue on Aug 2, 2024
- implemented encryption parts for PDS
- documented encryption for PDS
- flyway migration scripts
- added unit tests
- some changes in common encryption
de-jcup added a commit that referenced this issue on Aug 3, 2024
- implemented encryption parts for PDS
- documented encryption for PDS
- flyway migration scripts
- added unit tests
- some changes in common encryption
- NONE is default cipher encryption, means startup possible without encryption
- summary log service shows encryption algorithm
- handled encryption out of synch problems on PDS side and at SecHub side
- extracted PDS apply of future into own service + wrote tests
- implemented developer admin ui test action for encryption
de-jcup added a commit that referenced this issue on Aug 3, 2024
- improved daui secret key gen action
- startup outside integration test failed because "-" was not correctly handled by SecureEnvironmentVariableKeyValueRegistry
de-jcup added a commit that referenced this issue on Aug 5, 2024
* SecHub
  - described concept of data encryption #3250
  - Introduced sechub-encryption #3273 + update bouncy castle version #3275
  - encryption implementations are now inside own gradle sub module "sechub-encryption"
  - refactored sechub encryption library #3274
  - implemented data encryption inside SecHub #3250
  - restricted access and storage, avoid using configuration when not absolutely necessary
  - created dedicated job message which contains unencrypted configuration at runtime. Only one message uses this one -> clear not accidentally used on another code location
  - created migration scripts, separated pool id generation for h2 and postgres because of binary type. Also postgres will migrate old data automatically to NoneCipher variant (means no real encryption, but admin will be able to rotate keys...)
  - wrote tests
  - introduced new usecases
  - new REST APIs introduced
  - added integration test for encryption rotation
  - added developer admin ui actions
  - auto cleanup does also auto clean old unused encryption pool data
  - Scheduler now only executes for accepted encryption pool ids #3250
  - Updated open api file for encryption parts #3250
* PDS
  - implemented data encryption + documentation #3264
  - NONE is default cipher encryption, means startup possible without encryption
  - summary log service shows encryption algorithm
  - handled encryption out of sync problems on PDS side and at SecHub side
de-jcup changed the title from "Encrypt SecHub configuration in PDS" to "Encrypt complete job configuration in PDS" on Aug 5, 2024
Situation
We store the parts of the SecHub configuration inside the PDS database.
ℹ️ This is a sub issue of #3250
Wanted
This must be encrypted - similar to #3263