[WIP] feat(enterprise): encrypt external access tokens (oidc, git auth) in the database #9339

Closed
wants to merge 67 commits into from
6651fe1
feat: encrypt oidc and git auth tokens in the database
kylecarbs May 30, 2023
b9251fd
Fix dbcrypt
kylecarbs Jun 11, 2023
deb577b
Automatically delete rows when not encrypted
kylecarbs Jun 12, 2023
faa20ad
gen
kylecarbs Jun 12, 2023
2e19360
Merge branch 'main' into dbcrypt
kylecarbs Jun 12, 2023
614065b
Merge branch 'main' into dbcrypt
kylecarbs Jun 18, 2023
be996ba
Merge remote-tracking branch 'origin/dbcrypt' into cj/dbcrypt
johnstcn Aug 22, 2023
2b99db9
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 22, 2023
7837f71
move cipher to dbcrypt package
johnstcn Aug 22, 2023
82e7b35
fixup! move cipher to dbcrypt package
johnstcn Aug 22, 2023
2b404d1
fixup! move cipher to dbcrypt package
johnstcn Aug 22, 2023
02277a8
fixup! move cipher to dbcrypt package
johnstcn Aug 22, 2023
3a21c5d
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 22, 2023
a4612c2
fixup! move cipher to dbcrypt package
johnstcn Aug 22, 2023
8b1f835
update golden files
johnstcn Aug 22, 2023
60d52f5
enforce 32-byte key length
johnstcn Aug 22, 2023
dc69c4a
fix some failing tests
johnstcn Aug 22, 2023
d9d050f
make DecryptionFailedError unwrap to sql.ErrNoRows
johnstcn Aug 23, 2023
1cd4847
modify dbCrypt to not delete rows silently
johnstcn Aug 23, 2023
832766c
add dbcrypt_sentinel table to determine encryption status
johnstcn Aug 23, 2023
935f79f
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 23, 2023
05c0cf9
fix unused-receiver
johnstcn Aug 23, 2023
6556269
move dbcrypt to enterprise
johnstcn Aug 23, 2023
cbd776f
dbcrypt.New now marks database as encrypted
johnstcn Aug 24, 2023
5929c96
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 24, 2023
22e7aeb
add hex digest of cipher to encrypted fields
johnstcn Aug 24, 2023
3842fdd
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 24, 2023
9f71836
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 25, 2023
17e694c
fixup! Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 25, 2023
dbe6915
add previous external token encryption key deployment value
johnstcn Aug 25, 2023
d4c74bf
support secondary cipher in dbcrypt
johnstcn Aug 25, 2023
e14272c
fixup! support secondary cipher in dbcrypt
johnstcn Aug 25, 2023
a71fbaf
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 25, 2023
15c4919
fix DeploymentValues.WithoutSecrets()
johnstcn Aug 25, 2023
63fda96
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 28, 2023
09cad5b
export cli.connectToPostgres
johnstcn Aug 28, 2023
dd4a94c
add queries to support rotating dbcrypt keys
johnstcn Aug 28, 2023
75e4014
make gen
johnstcn Aug 28, 2023
0c01b36
fixup! add queries to support rotating dbcrypt keys
johnstcn Aug 28, 2023
a457307
flesh out unit test
johnstcn Aug 28, 2023
4d28746
make the test pass
johnstcn Aug 28, 2023
f64b7bb
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 29, 2023
67ee610
remove unused queries
johnstcn Aug 29, 2023
5a0161c
refactor: add Ciphers to abstract over multiple ciphers
johnstcn Aug 29, 2023
4142fb2
refactor dbcrypt: add Ciphers to wrap multiple AES256
johnstcn Aug 29, 2023
7a64a4e
fixup! refactor dbcrypt: add Ciphers to wrap multiple AES256
johnstcn Aug 29, 2023
600391f
fixup! refactor dbcrypt: add Ciphers to wrap multiple AES256
johnstcn Aug 29, 2023
ae6f623
fixup! refactor dbcrypt: add Ciphers to wrap multiple AES256
johnstcn Aug 29, 2023
8b07604
make gen
johnstcn Aug 29, 2023
a2b7935
make fmt
johnstcn Aug 29, 2023
e3dd4c0
make lint
johnstcn Aug 29, 2023
db30bdd
update-golden-files
johnstcn Aug 29, 2023
4c6a93f
fix logging
johnstcn Aug 29, 2023
da8c984
appease the linter
johnstcn Aug 29, 2023
e1a77a6
address some comments from original PR
johnstcn Aug 29, 2023
552e425
fixup! address some comments from original PR
johnstcn Aug 29, 2023
2e5b5c0
lint
johnstcn Aug 29, 2023
ad44e1e
fixup! lint
johnstcn Aug 29, 2023
128ad09
handle sentinel mismatch with a specific message
johnstcn Aug 29, 2023
1851fff
fix build issue
johnstcn Aug 29, 2023
6ad0904
add external token encryption keys to ./scripts/develop.sh by default
johnstcn Aug 29, 2023
1b6e92e
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 29, 2023
fe21f26
fixup! add external token encryption keys to ./scripts/develop.sh by …
johnstcn Aug 29, 2023
8cb07ba
decrypt fields when inserting and updating!
johnstcn Aug 29, 2023
b6a8a83
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 29, 2023
fc4e2a6
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 30, 2023
625a85f
add docs for encryption
johnstcn Aug 30, 2023
handle sentinel mismatch with a specific message
johnstcn committed Aug 29, 2023
commit 128ad09c158290bcbdffaef1d34451c83d3fb757
3 changes: 3 additions & 0 deletions enterprise/coderd/coderd.go
Expand Up @@ -67,6 +67,9 @@ func New(ctx context.Context, options *Options) (_ *API, err error) {
cryptDB, err := dbcrypt.New(ctx, options.Database, options.ExternalTokenEncryption)
if err != nil {
cancelFunc()
if xerrors.Is(err, dbcrypt.ErrSentinelMismatch) {
panic(`Coder has shut down to prevent data corruption: your configured database is encrypted with an unknown external token encryption key. Please check your configuration and try again.`)
}
return nil, xerrors.Errorf("init dbcrypt: %w", err)
}
options.Database = cryptDB
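Review bot: The `panic(...)` in the `xerrors.Is(err, dbcrypt.ErrSentinelMismatch)` branch aborts the process from inside a constructor that already returns `(_ *API, err error)`, so the operator-facing message arrives wrapped in a Go stack trace and callers lose the chance to handle the failure through their normal error path. Consider returning the error instead, keeping the `init dbcrypt: %w` wrapping and attaching the explanatory text there, and let the caller decide how to exit. If the panic is deliberate, a short comment explaining why a returned error is not sufficient here would help the next reader.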
9 changes: 5 additions & 4 deletions enterprise/dbcrypt/dbcrypt.go
Expand Up @@ -52,9 +52,10 @@ const MagicPrefix = "dbcrypt-"
const sentinelValue = "coder"

var (
ErrNotEnabled = xerrors.New("encryption is not enabled")
b64encode = base64.StdEncoding.EncodeToString
b64decode = base64.StdEncoding.DecodeString
ErrNotEnabled = xerrors.New("encryption is not enabled")
ErrSentinelMismatch = xerrors.New("database is already encrypted under a different key")
b64encode = base64.StdEncoding.EncodeToString
b64decode = base64.StdEncoding.DecodeString
)

// DecryptFailedError is returned when decryption fails.
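Review bot: `ErrSentinelMismatch` is added to the `var` block as an exported error with no doc comment, unlike `DecryptFailedError` just below it. Since `enterprise/coderd/coderd.go` now branches on it, please document when it is returned and that callers should match it with `xerrors.Is` rather than on the message text, which this commit also rewords from "with a different key" to "under a different key".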
Expand Down Expand Up @@ -266,7 +267,7 @@ func ensureEncrypted(ctx context.Context, dbc *dbCrypt) error {
}

if val != "" && val != sentinelValue {
return xerrors.Errorf("database is already encrypted with a different key")
return ErrSentinelMismatch
}

// Mark the database as officially having been touched by the new cipher.
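Review bot: The guard `if val != "" && val != sentinelValue` lets an empty `val` fall through to the "Mark the database as officially having been touched by the new cipher" step, and nothing in the hunk says why an empty sentinel is safe to treat as "no key recorded yet" rather than as a mismatch. A one-line comment on the condition stating that assumption would make the intent of `ErrSentinelMismatch` clear, since this is now the check that decides whether the server refuses to start.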
4 changes: 2 additions & 2 deletions enterprise/dbcrypt/dbcrypt_test.go
Expand Up @@ -208,8 +208,8 @@ func TestNew(t *testing.T) {
// When: we init the crypt db with no access to the old cipher
cipher2 := initCipher(t)
_, err = dbcrypt.New(ctx, rawDB, dbcrypt.NewCiphers(cipher2))
// Then: an error is returned
require.ErrorContains(t, err, "database is already encrypted with a different key")
// Then: a special error is returned
require.ErrorIs(t, err, dbcrypt.ErrSentinelMismatch)

// And the sentinel value should remain unchanged. For now.
rawVal, err := rawDB.GetDBCryptSentinelValue(ctx)
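Review bot: The first return value of `dbcrypt.New(ctx, rawDB, dbcrypt.NewCiphers(cipher2))` is discarded with `_`, so the test does not check that no usable wrapper is handed back on a sentinel mismatch. Capture it and add a `require.Nil` alongside `require.ErrorIs(t, err, dbcrypt.ErrSentinelMismatch)`. Separately, the comment "a special error is returned" could name `ErrSentinelMismatch` directly.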