MAAS

Encrypt the BMC credentials

Bug #1886850 reported by Nick Niehoff on 2020-07-08

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	MAAS	Fix Released	Medium	Unassigned	MAAS 3.3.0-beta3

Bug Description

When MAAS enlists a machine and configures the BMC (specifically IPMI) user for MAAS the credentials are stored in the maasserver_bmc table. For organizations with strict security requirements, the password at least should be encrypted when stored.

Lee Trager (ltrager) on 2020-07-09

Changed in maas:
importance:	Undecided → Wishlist

Nick Niehoff (nniehoff) on 2020-07-14

summary:

- [feature] MAAS should encrypt the BMC credentials
+ Encrypt the BMC credentials

Dougal Matthews (d0ugal) on 2020-10-12

Changed in maas:
status:	New → Confirmed

Alberto Donato (ack) on 2021-05-18

Changed in maas:
status:	Confirmed → Triaged

Revision history for this message

Evan Sikorski (evan.sikorski) wrote on 2022-08-10:

I'm not this would solve the problem without 3rd party tools, as I believe RPC communication between Region and Rack is still plaintext.

Revision history for this message

Thorsten Merten (thorsten-merten) wrote on 2022-11-24:

MAAS 3.3 will deliver a connection to hashicorps vault. This way secrets can be moved out of the way to a secure storage place. This should also fix this problem.

Changed in maas:
importance:	Wishlist → Medium
milestone:	none → 3.3.0
status:	Triaged → Fix Committed

Alexsander de Souza (alexsander-souza) on 2022-11-28

Changed in maas:
milestone:	3.3.0 → 3.3.0-beta3
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.