Skip to content

RSA keys and secrets stored in clear text in the database #7905

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Adphi opened this issue Jun 7, 2023 · 8 comments
Closed

RSA keys and secrets stored in clear text in the database #7905

Adphi opened this issue Jun 7, 2023 · 8 comments

Comments

@Adphi
Copy link

Adphi commented Jun 7, 2023

First of all, thank you very much for your work on this very interesting project 😀.

I am currently evaluating "coder" as a solution to provide our developers with ephemeral and standardized development environments closer to their cloud based dev / staging environment.

When I looked in the database I noticed that the ssh keys were stored in clear text.

Would it be possible to implement "at rest" encryption for sensitive data so that the database administrator cannot access the private keys?
We could imagine an environment variable that would allow an encryption passphrase to be supplied, using AES256 for example.
@cdr-bot cdr-bot bot added the feature label Jun 7, 2023
@kylecarbs
Copy link
Member

We're already doing this for OIDC and Git auth tokens, so yes! We'll do this too.

@Adphi
Copy link
Author

Adphi commented Jun 7, 2023

I didn't see the passphrase configuration in the documentation (perhaps I looked too quickly).
Where is it stored?

@kylecarbs
Copy link
Member

Ahh, apologies! We're working on this now... it's not out yet!

@kylecarbs
Copy link
Member

Related #7640

@github-actions github-actions bot added the stale This issue is like stale bread. label Dec 5, 2023
@matifali matifali removed the stale This issue is like stale bread. label Dec 5, 2023
@sreya
Copy link
Collaborator

sreya commented Apr 4, 2024

We added support to encrypt sensitive fields in the database, requires an enterprise license though

@sreya sreya closed this as completed Apr 4, 2024
@Adphi
Copy link
Author

Adphi commented Apr 5, 2024

We added support to encrypt sensitive fields in the database, requires an enterprise license though

@sreya, If security is only reserved for users with enterprise license, this can be a very bad signal for the open-source community.

@kylecarbs
Copy link
Member

@Adphi could you share more about the use case?

We reserve key-rotation for encrypting database values in the Enterprise because this has only been necessary for our Enterprise customers. And necessary is even a stretch in that scenario, it's more of a nice-to-have from our understanding.

@Adphi
Copy link
Author

Adphi commented Apr 10, 2024

@kylecarbs, as soon as sensitive data is stored in a database, it should to be encrypted. If an unencrypted backup is compromised, or if the database server is compromised, this would expose identifiers enabling (potentially privileged) access to private repositories.

When using an encryption key, you also need to plan for its rotation in the event that it is compromised.

Grafana, for example, encrypts credentials used to access datasources, even if a default key is used when not configured.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sreya @kylecarbs @matifali @Adphi