-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate encrypted data in database to new encryption structure #3315
Labels
Comments
dmjb
added a commit
that referenced
this issue
May 14, 2024
Relates to #3315 Add new JSONB columns to session store and access tokens table which will be used to store encrypted data along with its metadata (algorithm type, key, salt).
dmjb
added a commit
that referenced
this issue
May 14, 2024
Relates to #3315 Add new JSONB columns to session store and access tokens table which will be used to store encrypted data along with its metadata (algorithm type, key, salt).
10 tasks
dmjb
added a commit
that referenced
this issue
May 16, 2024
Relates to #3315 When encrypting secrets, store the serialized JSON in the database. When decrypting, attempt to fetch from the new column and then fall back to the old one. In a subsequent PR, I will migrate all existing secrets to the new structure.
10 tasks
dmjb
added a commit
that referenced
this issue
May 16, 2024
Relates to #3315 When encrypting secrets, store the serialized JSON in the database. When decrypting, attempt to fetch from the new column and then fall back to the old one. In a subsequent PR, I will migrate all existing secrets to the new structure.
dmjb
added a commit
that referenced
this issue
May 16, 2024
Relates to #3315 When encrypting secrets, store the serialized JSON in the database. When decrypting, attempt to fetch from the new column and then fall back to the old one. In a subsequent PR, I will migrate all existing secrets to the new structure.
dmjb
added a commit
that referenced
this issue
May 16, 2024
Relates to #3315 When encrypting secrets, store the serialized JSON in the database. When decrypting, attempt to fetch from the new column and then fall back to the old one. In a subsequent PR, I will migrate all existing secrets to the new structure.
dmjb
added a commit
that referenced
this issue
May 17, 2024
Relates to #3315 When encrypting secrets, store the serialized JSON in the database. When decrypting, attempt to fetch from the new column and then fall back to the old one. In a subsequent PR, I will migrate all existing secrets to the new structure.
10 tasks
dmjb
added a commit
that referenced
this issue
May 20, 2024
Fixes #3315 At this point, we now have a hard requirement to use the new EncryptedData structure in the database - the old columns (for the access token, and for the redirect URL) do not track the random salt, and so they are useless for any new data. As part of the migration away from the old columns, I have made the following changes in this PR: 1. Make the old columns nullable 2. Stop writing to the old columns 3. Change all unit tests which relied on the old columns
dmjb
added a commit
that referenced
this issue
May 20, 2024
Relates to #3315 These new variables will be used to add the new crypto config for the staging and production configs.
10 tasks
dmjb
added a commit
that referenced
this issue
May 21, 2024
Relates to #3315 These new variables will be used to add the new crypto config for the staging and production configs.
dmjb
added a commit
that referenced
this issue
May 22, 2024
Relates to #3315 My first attempt at a config structure was a bad fit for the envionment variable substitution which we used when deploying minder in k8s. Simplify the crypto config in the following ways: 1) Only one fallback key/algo can be specified instead of a list. This is based under the assumption that we only need a single fallback before migrating to a new key. 2) The keystore config has been changed from a `map[string]any` to a concrete type. If we need more types of config in future, we can add additional concrete types and when filling in the config, only one type needs to be filled in.
dmjb
added a commit
that referenced
this issue
May 22, 2024
Relates to #3315 My first attempt at a config structure was a bad fit for the envionment variable substitution which we used when deploying minder in k8s. Simplify the crypto config in the following ways: 1) Only one fallback key/algo can be specified instead of a list. This is based under the assumption that we only need a single fallback before migrating to a new key. 2) The keystore config has been changed from a `map[string]any` to a concrete type. If we need more types of config in future, we can add additional concrete types and when filling in the config, only one type needs to be filled in.
dmjb
added a commit
that referenced
this issue
May 22, 2024
Relates to #3315 My first attempt at a config structure was a bad fit for the envionment variable substitution which we used when deploying minder in k8s. Simplify the crypto config in the following ways: 1) Only one fallback key/algo can be specified instead of a list. This is based under the assumption that we only need a single fallback before migrating to a new key. 2) The keystore config has been changed from a `map[string]any` to a concrete type. If we need more types of config in future, we can add additional concrete types and when filling in the config, only one type needs to be filled in.
dmjb
added a commit
that referenced
this issue
May 22, 2024
Relates to #3315 My first attempt at a config structure was a bad fit for the envionment variable substitution which we used when deploying minder in k8s. Simplify the crypto config in the following ways: 1) Only one fallback key/algo can be specified instead of a list. This is based under the assumption that we only need a single fallback before migrating to a new key. 2) The keystore config has been changed from a `map[string]any` to a concrete type. If we need more types of config in future, we can add additional concrete types and when filling in the config, only one type needs to be filled in.
dmjb
added a commit
that referenced
this issue
May 22, 2024
Relates to #3315 My first attempt at a config structure was a bad fit for the envionment variable substitution which we used when deploying minder in k8s. Simplify the crypto config in the following ways: 1) Only one fallback key/algo can be specified instead of a list. This is based under the assumption that we only need a single fallback before migrating to a new key. 2) The keystore config has been changed from a `map[string]any` to a concrete type. If we need more types of config in future, we can add additional concrete types and when filling in the config, only one type needs to be filled in.
dmjb
added a commit
that referenced
this issue
May 22, 2024
Relates to #3315 My first attempt at a config structure was a bad fit for the environment variable substitution which we use when deploying minder in k8s. Simplify the crypto config in the following ways: 1) Only one fallback key/algo can be specified instead of a list. This is based under the assumption that we only need a single fallback before migrating to a new key. 2) The keystore config has been changed from a `map[string]any` to a concrete type. If we need more types of config in future, we can add additional concrete types and when filling in the config, only one type needs to be filled in.
dmjb
added a commit
that referenced
this issue
May 27, 2024
Fixes #3315 Implement CLI command which is used to migrate keys and algorithms. This will: 1) Open connection to the DB 2) Query for secrets which do not have the default key ID or algorithm 3) Decrypts and re-encrypts with new data 4) Wraps all the above in a transaction which asks permission before commiting State secrets in the session state table are deleted. Since they are short-lived secrets, there is no point in migrating them. Tested locally.
10 tasks
dmjb
added a commit
that referenced
this issue
May 27, 2024
Fixes #3315 Implement CLI command which is used to migrate keys and algorithms. This will: 1) Open connection to the DB 2) Query for secrets which do not have the default key ID or algorithm 3) Decrypts and re-encrypts with new data 4) Wraps all the above in a transaction which asks permission before commiting State secrets in the session state table are deleted. Since they are short-lived secrets, there is no point in migrating them. Tested locally.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please describe the enhancement
See design doc in epic
Solution Proposal
In migration tool:
Describe alternatives you've considered
No response
Additional context
No response
Acceptance Criteria
No response
The text was updated successfully, but these errors were encountered: