Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Transparent encryption and decryption for all tables that contain secrets or tokens #14214

Merged
merged 47 commits into from Sep 30, 2020
Merged

Transparent encryption and decryption for all tables that contain secrets or tokens #14214

merged 47 commits into from Sep 30, 2020

Conversation

unknwon
Copy link
Member

@unknwon unknwon commented Sep 26, 2020

Encrypts and decrypts secrets columns in our database transparently.

Notes:

  • event_logs.argument is left out, see discussions in Slack.
  • repo.metadata is not encrypted because we normalized most of its value and decided not worth encrypting.

Co-authored-by: Dax McDonald 31839142+daxmc99@users.noreply.github.com

chayim and others added 30 commits September 10, 2020 19:00
@chayim
ripping saved_searches and secrets into its own branch to be PRed onc…
e53a4b8 
…e unit tests exist
@daxmc99
Add test for KeyHash()
ec0a701
@daxmc99
Add base64 encoding to saved_searches
623a8a7
@daxmc99
Add secrets.Init() to db pkg
2eb1614
@daxmc99
Add main_test.go back to boostrap testing across repo
44d0acb
@daxmc99 @asdine
Update internal/db/saved_searches.go
8fb420c 
Co-authored-by: Asdine El Hrychy <asdine.elhrychy@gmail.com>
@daxmc99 @asdine
Update internal/db/saved_searches.go
fad1655 
Co-authored-by: Asdine El Hrychy <asdine.elhrychy@gmail.com>
@daxmc99
First round of implementing sql.Value & sql.Scan interfaces
febf578 
This allow for types that can decrypt and encrypt themselves.
However, it causes an issue with what encryptor to use
@daxmc99 @asdine
Update internal/db/saved_searches.go
5de79a3 
Co-authored-by: Asdine El Hrychy <asdine.elhrychy@gmail.com>
@daxmc99
Merge remote-tracking branch 'origin/rfc196/encoding' into rfc196/enc…
80aea87 
…oding
@daxmc99
Add mustInit() to testing pkg to allow for better stacktraces
804b1aa
@daxmc99
Add EncryptedValue type to saved_searches
5c4ede7
@chayim
started to migrate in external_accounts
3dd45d4
@daxmc99
Rename pkg to secret & add String() method to EncryptedStringValue
aa524e0
@daxmc99
Remove EncryptTables() from this PR
269c111
@daxmc99
Pairing session with Joe
0b703ff
@chayim
Adding ConfiguredToEncrypt to new types
65090ba 
Ensuring the new types honour ConfiguredToEncrypt so that they can transparently encrypt and decrypt in the future.
@chayim
Encrypting and Decrypting event_logs and external_services
b6432b3
@unknwon
Tidy up naming and fixed one little bug
fe6facf
@unknwon
Make base64 encoding/decoding be part of the Encryptor
caaa723
@unknwon
Make the interface private to the package
9231a8b
@unknwon
Merge branch 'main' of github.com:sourcegraph/sourcegraph into rfc196…
468b06e 
…/encoding

# Conflicts:
#	internal/secret/encryptor.go
#	internal/secret/encryptor_test.go
#	internal/secret/init.go
@unknwon
Fix package rename
a62115a
@unknwon
Init defaultEncrypt as noOpEncryptor and remove MustInit
7d4bcab
@unknwon
Fix failed tests
0e44d9e
@unknwon
Add db migration and remove JSONValue
6d0830c
@daxmc99
Revert event_logs.go
6b9047f
@daxmc99
Add migration for user_external_accounts to TEXT
2ec80b2
@daxmc99
Working test for scanner_test
3e88868
@daxmc99
Merge remote-tracking branch 'origin/main' into rfc196/encoding
f5f8ecd
@unknwon unknwon mentioned this pull request Sep 26, 2020
Closed
@unknwon unknwon requested review from chayim and a team September 26, 2020 04:19
@unknwon unknwon changed the title ripping saved_searches and secrets into its own branch to be PRed once unit tests exist Transparent encryption and decryption for all tables that contain secrets or tokens Sep 26, 2020
@unknwon unknwon mentioned this pull request Sep 26, 2020
Closed
4 tasks
@unknwon unknwon linked an issue Sep 26, 2020 that may be closed by this pull request
RFC-214: Transparent encryption and decryption for all tables that contain secrets or tokens #13851
Closed
4 tasks
@daxmc99 daxmc99 mentioned this pull request Sep 26, 2020
Closed
47 tasks
asdine
asdine approved these changes Sep 28, 2020
View reviewed changes
Copy link
Contributor

@asdine asdine left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me but I feel like the boilerplate needed to encrypt a single field is still a bit too big.
We could leverage the fact that the encryption functions are available from everywhere to try to make it as transparent as possible. I have proposed a lead in a comment but not sure if that's enough

cmd/repo-updater/repos/store.go Outdated Show resolved Hide resolved
@codecov
Copy link

codecov bot commented Sep 30, 2020

Codecov Report

Merging #14214 into main will decrease coverage by 0.33%.
The diff coverage is 60.91%.

@@            Coverage Diff             @@
##             main   #14214      +/-   ##
==========================================
- Coverage   52.08%   51.74%   -0.34%     
==========================================
  Files        1536     1536              
  Lines       78644    77819     -825     
  Branches     7024     6939      -85     
==========================================
- Hits        40958    40266     -692     
+ Misses      33986    33925      -61     
+ Partials     3700     3628      -72
Flag Coverage Δ
#go 51.93% <60.91%> (-0.48%) ⬇️
#integration 30.31% <ø> (ø)
#storybook 18.06% <ø> (ø)
#typescript 51.29% <ø> (ø)
#unit 33.90% <ø> (ø)
Impacted Files Coverage Δ
internal/db/external_services.go 59.44% <33.33%> (-5.02%) ⬇️
enterprise/internal/db/perms_store.go 78.51% <40.00%> (-2.18%) ⬇️
internal/db/saved_searches.go 64.82% <50.00%> (-0.92%) ⬇️
internal/secret/scanner.go 47.72% <55.55%> (-4.00%) ⬇️
internal/db/external_accounts.go 40.33% <62.50%> (-8.10%) ⬇️
cmd/repo-updater/repos/store.go 83.03% <100.00%> (-3.79%) ⬇️
internal/authz/register.go 20.00% <100.00%> (+1.48%) ⬆️
... and 5 more

@unknwon
Copy link
Member Author

unknwon commented Sep 30, 2020

Since no real encryption is in place yet, there will be no harm to data if any application code behaves unexpected. Merging as-is and happy to address any post-merge comments!

@unknwon unknwon merged commit 59f929c into main Sep 30, 2020
@unknwon unknwon deleted the rfc196/encoding branch September 30, 2020 04:06
@sourcegraph-bot sourcegraph-bot mentioned this pull request Sep 30, 2020
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asdine asdine asdine approved these changes

@chayim chayim Awaiting requested review from chayim

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

RFC-214: Transparent encryption and decryption for all tables that contain secrets or tokens
4 participants
@unknwon @asdine @chayim @daxmc99