Skip to content

feat(coderd): plumb through dbcrypt package #9433

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

feat(coderd): plumb through dbcrypt package #9433

wants to merge 2 commits into from

Conversation

johnstcn
Copy link
Member

@johnstcn johnstcn commented Aug 30, 2023
edited
Loading

See #9523 instead.

This commit builds upon #9421. It is recommended to read this first.

  • Adds a command dbcrypt-rotate to re-enncrypt encrypted data
  • Plumbs through dbcrypt in enterprise/coderd (including unit tests)
  • Enables database encryption in develop.sh by default
  • Adds documentation in admin/encryption.md

@johnstcn johnstcn self-assigned this Aug 30, 2023
johnstcn and others added 2 commits August 30, 2023 11:57
@johnstcn @kylecarbs
plumb through dbcrypt in enterprise/coderd:
66048de 
- Adds a command dbcrypt-rotate to re-enncrypt encrypted data
- Plumbs through dbcrypt in enterprise/coderd (including unit tests)
- Enables database encryption in develop.sh by default

Co-authored-by: Kyle Carberry <kyle@coder.com>
@johnstcn
add docs for encryption
5c7bcee
@johnstcn johnstcn mentioned this pull request Aug 30, 2023
Closed
@johnstcn johnstcn marked this pull request as ready for review August 30, 2023 12:20
@johnstcn johnstcn mentioned this pull request Aug 30, 2023
Closed
@johnstcn johnstcn mentioned this pull request Aug 30, 2023
Closed
6 tasks
deansheather
deansheather approved these changes Aug 30, 2023
View reviewed changes
enterprise/cli/dbcrypt_rotate.go
return xerrors.Errorf("get users: %w", err)
}
for idx, usr := range users {
userLinks, err := cryptDB.GetUserLinksByUserID(ctx, usr.ID)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should put comments everywhere so people forget to add something in one place and forget it here.

aaronlehmann
aaronlehmann reviewed Aug 31, 2023
View reviewed changes
cli/testdata/coder_server_--help.golden
database. The value must be a comma-separated list of base64-encoded
keys. A maximum of two keys may be provided. Each key, when
base64-decoded, must be exactly 32 bytes in length. The first key will
be used to encrypt new values. Subsequent keys will be used as a
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems a little confusing that there's a maximum of two keys but this refers to "subsequent keys". Maybe it should say "the optional second key" instead?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on other comments, I'm considering removing the restriction on the number of keys. I can see a legitimate use case for needing to have three keys for a period of time.

spikecurtis
spikecurtis requested changes Sep 1, 2023
View reviewed changes
enterprise/cli/dbcrypt_rotate.go
opts = vals.Options()
)
cmd := &clibase.Cmd{
Use: "dbcrypt-rotate --postgres-url <postgres_url> --external-token-encryption-keys <new-key>,<old-key>",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

running this from the CLI that has to have direct DB access is kind of obnoxious from an operator's standpoint.

What about making it an API call you could make to an appropriately-keyed Coderd? We could still have the CLI command, but you could run it from anywhere with Coder access. We could also consider a button on the front end at some later date.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While this would be a nice usability improvement, it has precedence already with the reset-password CLI command. It's a good candidate for a follow-up PR though!

@johnstcn johnstcn mentioned this pull request Sep 4, 2023
Merged
@johnstcn
Copy link
Member Author

johnstcn commented Sep 5, 2023

Closing in favour of #9523

@johnstcn johnstcn closed this Sep 5, 2023
@github-actions github-actions bot locked and limited conversation to collaborators Sep 5, 2023
@johnstcn johnstcn deleted the cj/dbcrypt_2 branch October 13, 2023 12:19
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@aaronlehmann aaronlehmann aaronlehmann left review comments

@spikecurtis spikecurtis spikecurtis requested changes

@deansheather deansheather deansheather approved these changes

@kylecarbs kylecarbs Awaiting requested review from kylecarbs

Assignees

@johnstcn johnstcn

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@johnstcn @spikecurtis @aaronlehmann @deansheather