Make it easy to keep credentials encrypted

Bug #293623 reported by Leonard Richardson
Affects | Status | Importance | Assigned to | Milestone
launchpadlib | Invalid | High | Unassigned |

Bug Description

Currently credential files are stored wherever you like. But credential files let someone else access Launchpad as you and carry out actions in your name. It's more like a GPG private key than like your Linux account's password.

We should make it easy to store a credential file in a known secure location (if one exists), say ~/Private/.launchpadlib/[host]-[appname].credential.

Changed in launchpadlib:
importance: Undecided → High
status: New → Triaged
Martin Pool (mbp) wrote :

I think this bug is misconceived, and Launchpad should not do anything special in this direction. The standard way to store encrypted credentials is in the system's keyring database. Security-conscious users will likely opt in to having their entire home directory encrypted.

Martin Pool (mbp) wrote :

I should perhaps explain a bit more why I posted comment #1:

If we implement bug 509168, the user can point $XDG_CACHE_HOME wherever they want, taking into account security in whatever way they want. Indeed, even without that, they can move ~/.launchpadlib into ~/Private and leave a forwarding symlink, and it will then be encrypted, without needing any code changes in Launchpadlib. Of course these require explicit user action so perhaps they don't count as making it _easy_.

(I'll note in passing that there may be security-sensitive files in the cache, such as CVE bugs, and so the whole cache needs to be protected for high-sensitivity users.)

More generally, the topic of keeping credential files secure is a general responsibility of the whole Ubuntu platform. There are various part-solutions: whole-disk encryption, home directory encryption, gnome/kde keyrings, etc. I think launchpadlib ought to play well with them and then put any additional effort into making those components better.

Specifically: when installing Ubuntu, you check "encrypt my home directory" and then this is all safe. Alternatively, Launchpadlib can store things in the keyring and let it encrypt them. For unattended/server usage, I don't think there's much we can do with the credentials other than make sure the server is secure.

Launchpad could probably do more towards helping people manage the keys (but these are separate bugs):

 * show when the keys were last used, and from what IP
 * record an audit trail
 * send mail for important actions like changing gpg key or mail address or issuing new credentials (may already be covered)
 * make it easy to generate time-limited keys

I don't think anything particularly needs to be done about encrypting the keys on the client beyond putting them in the keyring if one is available.

hth
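
Added example (not part of the thread and not launchpadlib code): the Python below audits the layout discussed above, checking that ~/.launchpadlib really resolves into a protected directory such as ~/Private and that nothing in it, credentials or cache, is readable by group or other. The function names and the sample file name are hypothetical, and the script assumes the protected root is encrypted at rest, which it cannot verify.

```python
import os
import stat
import tempfile
from pathlib import Path


def _inside(path, root):
    return path == root or root in path.parents


def audit_credentials(cred_dir, protected_root):
    """Return (path, problem) findings for a credential/cache directory."""
    findings = []
    real_dir = Path(cred_dir).resolve()  # follow the forwarding symlink
    root = Path(protected_root).resolve()  # assumed encrypted at rest
    if not _inside(real_dir, root):
        findings.append((str(real_dir), "not under protected root"))
    if stat.S_IMODE(real_dir.stat().st_mode) & 0o077:
        findings.append((str(real_dir), "directory open to group/other"))
    for dirpath, dirnames, filenames in os.walk(real_dir):
        for name in sorted(dirnames + filenames):
            path = Path(dirpath, name)
            st = path.lstat()
            if stat.S_ISLNK(st.st_mode):
                # A link inside the tree can point back out of the protected area.
                if not _inside(path.resolve(), root):
                    findings.append((str(path), "symlink leaves protected root"))
            elif stat.S_ISREG(st.st_mode) and stat.S_IMODE(st.st_mode) & 0o077:
                findings.append((str(path), "file readable by group/other"))
    return findings


def demo():
    """Constructed layouts: one using the forwarding symlink, one left in place."""
    with tempfile.TemporaryDirectory() as tmp:
        home, layouts = Path(tmp), {}
        private = home / "Private"
        for label, parent, dmode, fmode in (("moved", private, 0o700, 0o600),
                                            ("plain", home / "plain", 0o755, 0o644)):
            d = parent / ".launchpadlib"
            d.mkdir(parents=True)
            cred = d / "example-host-example-app.credential"  # constructed name
            cred.write_text("constructed placeholder, not a real token\n")
            os.chmod(cred, fmode)
            os.chmod(d, dmode)
            layouts[label] = d
        (home / ".launchpadlib").symlink_to(layouts["moved"])
        moved = audit_credentials(home / ".launchpadlib", private)
        plain = [problem for _, problem in audit_credentials(layouts["plain"], private)]
        return moved, plain
```

On a real account the call would be `audit_credentials(Path.home() / ".launchpadlib", Path.home() / "Private")`; an empty list means the directory resolves into the protected root with owner-only permissions.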

Leonard Richardson (leonardr) wrote :

Marking invalid; the current keyring code is sufficient.

Changed in launchpadlib:
status: Triaged → Invalid