- Notifications
You must be signed in to change notification settings - Fork927
[WIP] feat(enterprise): encrypt external access tokens (oidc, git auth) in the database#9339
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Closed
Uh oh!
There was an error while loading.Please reload this page.
Closed
Changes fromall commits
Commits
Show all changes
67 commits Select commitHold shift + click to select a range
6651fe1 feat: encrypt oidc and git auth tokens in the database
kylecarbsb9251fd Fix dbcrypt
kylecarbsdeb577b Automatically delete rows when not encrypted
kylecarbsfaa20ad gen
kylecarbs2e19360 Merge branch 'main' into dbcrypt
kylecarbs614065b Merge branch 'main' into dbcrypt
kylecarbsbe996ba Merge remote-tracking branch 'origin/dbcrypt' into cj/dbcrypt
johnstcn2b99db9 Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn7837f71 move cipher to dbcrypt package
johnstcn82e7b35 fixup! move cipher to dbcrypt package
johnstcn2b404d1 fixup! move cipher to dbcrypt package
johnstcn02277a8 fixup! move cipher to dbcrypt package
johnstcn3a21c5d Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcna4612c2 fixup! move cipher to dbcrypt package
johnstcn8b1f835 update golden files
johnstcn60d52f5 enforce 32-byte key length
johnstcndc69c4a fix some failing tests
johnstcnd9d050f make DecryptionFailedError unwrap to sql.ErrNoRows
johnstcn1cd4847 modify dbCrypt to not delete rows silently
johnstcn832766c add dbcrypt_sentinel table to determine encryption status
johnstcn935f79f Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn05c0cf9 fix unused-receiver
johnstcn6556269 move dbcrypt to enterprise
johnstcncbd776f dbcrypt.New now marks database as encrypted
johnstcn5929c96 Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn22e7aeb add hex digest of cipher to encrypted fields
johnstcn3842fdd Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn9f71836 Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn17e694c fixup! Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcndbe6915 add previous external token encryption key deployment value
johnstcnd4c74bf support secondary cipher in dbcrypt
johnstcne14272c fixup! support secondary cipher in dbcrypt
johnstcna71fbaf Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn15c4919 fix DeploymentValues.WithoutSecrets()
johnstcn63fda96 Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn09cad5b export cli.connectToPostgres
johnstcndd4a94c add queries to support rotating dbcrypt keys
johnstcn75e4014 make gen
johnstcn0c01b36 fixup! add queries to support rotating dbcrypt keys
johnstcna457307 flesh out unit test
johnstcn4d28746 make the test pass
johnstcnf64b7bb Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn67ee610 remove unused queries
johnstcn5a0161c refactor: add Ciphers to abstract over multiple ciphers
johnstcn4142fb2 refactor dbcrypt: add Ciphers to wrap multiple AES256
johnstcn7a64a4e fixup! refactor dbcrypt: add Ciphers to wrap multiple AES256
johnstcn600391f fixup! refactor dbcrypt: add Ciphers to wrap multiple AES256
johnstcnae6f623 fixup! refactor dbcrypt: add Ciphers to wrap multiple AES256
johnstcn8b07604 make gen
johnstcna2b7935 make fmt
johnstcne3dd4c0 make lint
johnstcndb30bdd update-golden-files
johnstcn4c6a93f fix logging
johnstcnda8c984 appease the linter
johnstcne1a77a6 address some comments from original PR
johnstcn552e425 fixup! address some comments from original PR
johnstcn2e5b5c0 lint
johnstcnad44e1e fixup! lint
johnstcn128ad09 handle sentinel mismatch with a specific message
johnstcn1851fff fix build issue
johnstcn6ad0904 add external token encryption keys to ./scripts/develop.sh by default
johnstcn1b6e92e Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcnfe21f26 fixup! add external token encryption keys to ./scripts/develop.sh by …
johnstcn8cb07ba decrypt fields when inserting and updating!
johnstcnb6a8a83 Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcnfc4e2a6 Merge remote-tracking branch 'origin/main' into cj/dbcrypt
johnstcn625a85f add docs for encryption
johnstcnFile filter
Filter by extension
Conversations
Failed to load comments.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Jump to file
Failed to load files.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
There are no files selected for viewing
4 changes: 2 additions & 2 deletionscli/server.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletioncli/server_createadminuser.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
8 changes: 8 additions & 0 deletionscli/testdata/coder_server_--help.golden
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
6 changes: 6 additions & 0 deletionscoderd/apidoc/docs.go
Some generated files are not rendered by default. Learn more abouthow customized files appear on GitHub.
Oops, something went wrong.
Uh oh!
There was an error while loading.Please reload this page.
6 changes: 6 additions & 0 deletionscoderd/apidoc/swagger.json
Some generated files are not rendered by default. Learn more abouthow customized files appear on GitHub.
Oops, something went wrong.
Uh oh!
There was an error while loading.Please reload this page.
28 changes: 28 additions & 0 deletionscoderd/database/dbauthz/dbauthz.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
42 changes: 42 additions & 0 deletionscoderd/database/dbfake/dbfake.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
4 changes: 2 additions & 2 deletionscoderd/database/dbgen/dbgen.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
28 changes: 28 additions & 0 deletionscoderd/database/dbmetrics/dbmetrics.go
Some generated files are not rendered by default. Learn more abouthow customized files appear on GitHub.
Oops, something went wrong.
Uh oh!
There was an error while loading.Please reload this page.
59 changes: 59 additions & 0 deletionscoderd/database/dbmock/dbmock.go
Some generated files are not rendered by default. Learn more abouthow customized files appear on GitHub.
Oops, something went wrong.
Uh oh!
There was an error while loading.Please reload this page.
14 changes: 14 additions & 0 deletionscoderd/database/dump.sql
Some generated files are not rendered by default. Learn more abouthow customized files appear on GitHub.
Oops, something went wrong.
Uh oh!
There was an error while loading.Please reload this page.
1 change: 1 addition & 0 deletionscoderd/database/migrations/000153_dbcrypt_sentinel_value.down.sql
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| DROP TABLE IF EXISTS dbcrypt_sentinel; |
Oops, something went wrong.
Uh oh!
There was an error while loading.Please reload this page.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.