Skip to content

[WIP] feat(enterprise): encrypt external access tokens (oidc, git auth) in the database #9339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 67 commits into from
Closed
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
67 commits
Select commit Hold shift + click to select a range
6651fe1
feat: encrypt oidc and git auth tokens in the database
kylecarbs May 30, 2023
b9251fd
Fix dbcrypt
kylecarbs Jun 11, 2023
deb577b
Automatically delete rows when not encrypted
kylecarbs Jun 12, 2023
faa20ad
gen
kylecarbs Jun 12, 2023
2e19360
Merge branch 'main' into dbcrypt
kylecarbs Jun 12, 2023
614065b
Merge branch 'main' into dbcrypt
kylecarbs Jun 18, 2023
be996ba
Merge remote-tracking branch 'origin/dbcrypt' into cj/dbcrypt
johnstcn Aug 22, 2023
2b99db9
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 22, 2023
7837f71
move cipher to dbcrypt package
johnstcn Aug 22, 2023
82e7b35
fixup! move cipher to dbcrypt package
johnstcn Aug 22, 2023
2b404d1
fixup! move cipher to dbcrypt package
johnstcn Aug 22, 2023
02277a8
fixup! move cipher to dbcrypt package
johnstcn Aug 22, 2023
3a21c5d
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 22, 2023
a4612c2
fixup! move cipher to dbcrypt package
johnstcn Aug 22, 2023
8b1f835
update golden files
johnstcn Aug 22, 2023
60d52f5
enforce 32-byte key length
johnstcn Aug 22, 2023
dc69c4a
fix some failing tests
johnstcn Aug 22, 2023
d9d050f
make DecryptionFailedError unwrap to sql.ErrNoRows
johnstcn Aug 23, 2023
1cd4847
modify dbCrypt to not delete rows silently
johnstcn Aug 23, 2023
832766c
add dbcrypt_sentinel table to determine encryption status
johnstcn Aug 23, 2023
935f79f
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 23, 2023
05c0cf9
fix unused-receiver
johnstcn Aug 23, 2023
6556269
move dbcrypt to enterprise
johnstcn Aug 23, 2023
cbd776f
dbcrypt.New now marks database as encrypted
johnstcn Aug 24, 2023
5929c96
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 24, 2023
22e7aeb
add hex digest of cipher to encrypted fields
johnstcn Aug 24, 2023
3842fdd
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 24, 2023
9f71836
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 25, 2023
17e694c
fixup! Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 25, 2023
dbe6915
add previous external token encryption key deployment value
johnstcn Aug 25, 2023
d4c74bf
support secondary cipher in dbcrypt
johnstcn Aug 25, 2023
e14272c
fixup! support secondary cipher in dbcrypt
johnstcn Aug 25, 2023
a71fbaf
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 25, 2023
15c4919
fix DeploymentValues.WithoutSecrets()
johnstcn Aug 25, 2023
63fda96
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 28, 2023
09cad5b
export cli.connectToPostgres
johnstcn Aug 28, 2023
dd4a94c
add queries to support rotating dbcrypt keys
johnstcn Aug 28, 2023
75e4014
make gen
johnstcn Aug 28, 2023
0c01b36
fixup! add queries to support rotating dbcrypt keys
johnstcn Aug 28, 2023
a457307
flesh out unit test
johnstcn Aug 28, 2023
4d28746
make the test pass
johnstcn Aug 28, 2023
f64b7bb
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 29, 2023
67ee610
remove unused queries
johnstcn Aug 29, 2023
5a0161c
refactor: add Ciphers to abstract over multiple ciphers
johnstcn Aug 29, 2023
4142fb2
refactor dbcrypt: add Ciphers to wrap multiple AES256
johnstcn Aug 29, 2023
7a64a4e
fixup! refactor dbcrypt: add Ciphers to wrap multiple AES256
johnstcn Aug 29, 2023
600391f
fixup! refactor dbcrypt: add Ciphers to wrap multiple AES256
johnstcn Aug 29, 2023
ae6f623
fixup! refactor dbcrypt: add Ciphers to wrap multiple AES256
johnstcn Aug 29, 2023
8b07604
make gen
johnstcn Aug 29, 2023
a2b7935
make fmt
johnstcn Aug 29, 2023
e3dd4c0
make lint
johnstcn Aug 29, 2023
db30bdd
update-golden-files
johnstcn Aug 29, 2023
4c6a93f
fix logging
johnstcn Aug 29, 2023
da8c984
appease the linter
johnstcn Aug 29, 2023
e1a77a6
address some comments from original PR
johnstcn Aug 29, 2023
552e425
fixup! address some comments from original PR
johnstcn Aug 29, 2023
2e5b5c0
lint
johnstcn Aug 29, 2023
ad44e1e
fixup! lint
johnstcn Aug 29, 2023
128ad09
handle sentinel mismatch with a specific message
johnstcn Aug 29, 2023
1851fff
fix build issue
johnstcn Aug 29, 2023
6ad0904
add external token encryption keys to ./scripts/develop.sh by default
johnstcn Aug 29, 2023
1b6e92e
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 29, 2023
fe21f26
fixup! add external token encryption keys to ./scripts/develop.sh by …
johnstcn Aug 29, 2023
8cb07ba
decrypt fields when inserting and updating!
johnstcn Aug 29, 2023
b6a8a83
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 29, 2023
fc4e2a6
Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn Aug 30, 2023
625a85f
add docs for encryption
johnstcn Aug 30, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
update-golden-files
  • Loading branch information
johnstcn committed Aug 29, 2023
commit db30bddacd16b9694fe89a8c59cad644c8bff933
1 change: 1 addition & 0 deletions enterprise/cli/testdata/coder_--help.golden
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ Coder v0.0.0-devel — A tool for provisioning self-hosted development environme
 $ coder templates init 

Subcommands
dbcrypt-rotate Rotate database encryption keys
features List Enterprise features
groups Manage groups
licenses Add, delete, and list licenses
Expand Down
24 changes: 24 additions & 0 deletions enterprise/cli/testdata/coder_dbcrypt-rotate_--help.golden
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
Usage: coder dbcrypt-rotate [flags] --postgres-url <postgres_url> --external-token-encryption-keys <new-key>,<old-key>

Rotate database encryption keys

Options
--postgres-url string, $CODER_PG_CONNECTION_URL
URL of a PostgreSQL database. If empty, PostgreSQL binaries will be
downloaded from Maven (https://repo1.maven.org/maven2) and store all
data in the config root. Access the built-in database with "coder
server postgres-builtin-url".

Enterprise Options
These options are only available in the Enterprise Edition.

--external-token-encryption-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS
Encrypt OIDC and Git authentication tokens with AES-256-GCM in the
database. The value must be a comma-separated list of base64-encoded
keys. A maximum of two keys may be provided. Each key, when
base64-decoded, must be exactly 32 bytes in length. The first key will
be used to encrypt new values. Subsequent keys will be used as a
fallback when decrypting.

---
Run `coder --help` for a list of global options.