NotificationsYou must be signed in to change notification settings
Fork927
Star10.1k

[WIP] feat(enterprise): encrypt external access tokens (oidc, git auth) in the database#9339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Closed

johnstcn wants to merge67 commits intomainfromcj/dbcrypt

Closed

[WIP] feat(enterprise): encrypt external access tokens (oidc, git auth) in the database#9339

johnstcn wants to merge67 commits intomainfromcj/dbcrypt

Conversation

Copy link

Member

johnstcn commentedAug 25, 2023•
edited
Loading

Encrypt exernal access tokens

Note: this PR has gotten rather big, so I am breaking it up into smaller chunks. Keeping this around for reference.
#9421
#9433

This PR adds enterprise-only functionality to encrypt external database access tokens. This builds upon@kylecarbs' previous work in#7959.

Adds a new tabledbcrypt_sentinel which is used as a litmus test for database encryption status.
Adds packageenterprise/dbcrypt which handles encryption/decryption for the following fields:
- dbcrypt_sentinel.value
- user_links.oauth_access_token
- user_links.oauth_refresh_token
- git_auth_links.oauth_access_token
- git_auth_links.oauth_refresh_token
Adds support for specifyingEXTERNAL_TOKEN_ENCRYPTION_KEYS to enterprise server cmd.
- When specified, thedatabase.Store will be wrapped bydbcrypt.Store.
- At present, we only allow max. 2 keys; this is to force people to complete key rotation in a timely manner instead of continuously appending old keys.
Adds adbcrypt-rotate enterprise subcommand (and associated test) to perform key rotation and re-encryption of affected rows.

Suggested attention:

enterprise/dbcrypt - this is the most important piece
enterprise/cli - specifically the rotation command
enterprise/coderd - specifically the misc. plumbing

Checklist

No experimental flags needed
Testing:
- Unit tests have been added
- Manual testing has been performed using./scripts/dev-oidc.sh
User-facing changes:
- Add documentation under./docs (in progress)

kylecarbsand others added30 commits

May 30, 2023 16:26

feat: encrypt oidc and git auth tokens in the database

6651fe1

Fix dbcrypt

b9251fd

Automatically delete rows when not encrypted

deb577b

gen

faa20ad

Merge branch 'main' into dbcrypt

2e19360

Merge branch 'main' into dbcrypt

614065b

Merge remote-tracking branch 'origin/dbcrypt' into cj/dbcrypt

be996ba

Merge remote-tracking branch 'origin/main' into cj/dbcrypt

2b99db9

move cipher to dbcrypt package

7837f71

fixup! move cipher to dbcrypt package

82e7b35

fixup! move cipher to dbcrypt package

2b404d1

fixup! move cipher to dbcrypt package

02277a8

Merge remote-tracking branch 'origin/main' into cj/dbcrypt

3a21c5d

fixup! move cipher to dbcrypt package

a4612c2

update golden files

8b1f835

enforce 32-byte key length

60d52f5

fix some failing tests

dc69c4a

- add external token encryption key to YAML excludes- ensure that secret external token encryption key is  scrubbed from deployment values

make DecryptionFailedError unwrap to sql.ErrNoRows

d9d050f

modify dbCrypt to not delete rows silently

1cd4847

add dbcrypt_sentinel table to determine encryption status

832766c

Merge remote-tracking branch 'origin/main' into cj/dbcrypt

935f79f

fix unused-receiver

05c0cf9

move dbcrypt to enterprise

6556269

dbcrypt.New now marks database as encrypted

cbd776f

Merge remote-tracking branch 'origin/main' into cj/dbcrypt

5929c96

add hex digest of cipher to encrypted fields

22e7aeb

Merge remote-tracking branch 'origin/main' into cj/dbcrypt

3842fdd

Merge remote-tracking branch 'origin/main' into cj/dbcrypt

9f71836

fixup! Merge remote-tracking branch 'origin/main' into cj/dbcrypt

17e694c

add previous external token encryption key deployment value

dbe6915

johnstcn added19 commits

August 29, 2023 08:58

refactor: add Ciphers to abstract over multiple ciphers

5a0161c

refactor dbcrypt: add Ciphers to wrap multiple AES256

4142fb2

fixup! refactor dbcrypt: add Ciphers to wrap multiple AES256

7a64a4e

fixup! refactor dbcrypt: add Ciphers to wrap multiple AES256

600391f

fixup! refactor dbcrypt: add Ciphers to wrap multiple AES256

ae6f623

make gen

8b07604

make fmt

a2b7935

make lint

e3dd4c0

update-golden-files

db30bdd

fix logging

4c6a93f

appease the linter

da8c984

address some comments from original PR

e1a77a6

fixup! address some comments from original PR

552e425

lint

2e5b5c0

fixup! lint

ad44e1e

handle sentinel mismatch with a specific message

128ad09

fix build issue

1851fff

add external token encryption keys to ./scripts/develop.sh by default

6ad0904

Merge remote-tracking branch 'origin/main' into cj/dbcrypt

1b6e92e

johnstcn changed the title~~[WIP] encrypt external access tokens~~feat(enterprise): encrypt external access tokens (oidc, git auth) in the database

Aug 29, 2023

johnstcn added4 commits

August 29, 2023 15:50

fixup! add external token encryption keys to ./scripts/develop.sh by …

fe21f26

…default

decrypt fields when inserting and updating!

8cb07ba

Merge remote-tracking branch 'origin/main' into cj/dbcrypt

b6a8a83

Merge remote-tracking branch 'origin/main' into cj/dbcrypt

fc4e2a6

johnstcn changed the title~~feat(enterprise): encrypt external access tokens (oidc, git auth) in the database~~[WIP] feat(enterprise): encrypt external access tokens (oidc, git auth) in the database

Aug 30, 2023

johnstcn mentioned this pull request

Aug 30, 2023

feat(coderd): add dbcrypt package#9421

Closed

add docs for encryption

625a85f

johnstcn closed this

Aug 30, 2023