- Notifications
You must be signed in to change notification settings - Fork926
feat(coderd): plumb through dbcrypt package#9433
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
- Adds a command dbcrypt-rotate to re-enncrypt encrypted data- Plumbs through dbcrypt in enterprise/coderd (including unit tests)- Enables database encryption in develop.sh by defaultCo-authored-by: Kyle Carberry <kyle@coder.com>
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
| return xerrors.Errorf("get users: %w", err) | ||
| } | ||
| for idx, usr := range users { | ||
| userLinks, err := cryptDB.GetUserLinksByUserID(ctx, usr.ID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Should put comments everywhere so people forget to add something in one place and forget it here.
| database. The value must be a comma-separated list of base64-encoded | ||
| keys. A maximum of two keys may be provided. Each key, when | ||
| base64-decoded, must be exactly 32 bytes in length. The first key will | ||
| be used to encrypt new values. Subsequent keys will be used as a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
It seems a little confusing that there's a maximum of two keys but this refers to "subsequent keys". Maybe it should say "the optional second key" instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Based on other comments, I'm considering removing the restriction on the number of keys. I can see a legitimate use case for needing to have three keys for a period of time.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
| opts = vals.Options() | ||
| ) | ||
| cmd := &clibase.Cmd{ | ||
| Use: "dbcrypt-rotate --postgres-url <postgres_url> --external-token-encryption-keys <new-key>,<old-key>", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
running this from the CLI that has to have direct DB access is kind of obnoxious from an operator's standpoint.
What about making it an API call you could make to an appropriately-keyed Coderd? We could still have the CLI command, but you could run it from anywhere with Coder access. We could also consider a button on the front end at some later date.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
While this would be a nice usability improvement, it has precedence already with thereset-password CLI command. It's a good candidate for a follow-up PR though!
Closing in favour of#9523 |
Uh oh!
There was an error while loading.Please reload this page.
See#9523 instead.
This commit builds upon#9421. It is recommended to read this first.
dbcrypt-rotateto re-enncrypt encrypted datadbcryptinenterprise/coderd(including unit tests)develop.shby defaultadmin/encryption.md