Encrypt IPMI passwords in Racks
Bug #1572573 reported by
Igor Shishkin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
Fix Committed
|
Medium
|
Alexander Lomski |
Bug Description
Hello,
To secure IPMI data it would be really useful to encrypt passwords stored in Racks DB with any kind of symmetric block cipher.
Please encrypt IPMI's passwords with AES-CBC 128 bit with a key obtained from PBKDF2(Django's SECRET_KEY).
All cleartext passwords should be encrypted automatically by Racks.
information type: | Private → Public |
Changed in fuel: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
milestone: | 9.0 → 10.0 |
Changed in fuel: | |
assignee: | Fuel Infra Apps (fuel-infra-apps) → Alexander Lomski (aliaksandr-lomski) |
Changed in fuel: | |
status: | Confirmed → In Progress |
To post a comment you must log in.
Reviewed: https:/ /review. fuel-infra. org/22564
Submitter: Alexander Charykov <email address hidden>
Branch: master
Commit: 614e8f4cbc02ed5 a45536f5df29044 a3a059ea4a
Author: Alexander Lomski <email address hidden>
Date: Tue Jul 5 08:25:30 2016
Automatic transparent symmetric encryption for password fields.
Password fields (`api_key` for Jenkins Instances, `ipmi_password` for
Inventory Objects) are encrypted in the database using symmetric
encryption based on server's SECRET_KEY.
Search by contents of IPMI password field has been disabled, IPMI host
and username are still searchable.
Closes-Bug: #1572573 2f859e10e0d0660 4abb6e97dbd
Change-Id: I23b1e1907e9a00