Encrypt IPMI passwords in Racks
Bug #1572573 reported by
Igor Shishkin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Fuel for OpenStack |
Fix Committed
|
Medium
|
Alexander Lomski | ||
Bug Description
Hello,
To secure IPMI data it would be really useful to encrypt passwords stored in Racks DB with any kind of symmetric block cipher.
Please encrypt IPMI's passwords with AES-CBC 128 bit with a key obtained from PBKDF2(Django's SECRET_KEY).
All cleartext passwords should be encrypted automatically by Racks.
| information type: | Private → Public |
| Changed in fuel: | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| milestone: | 9.0 → 10.0 |
| Changed in fuel: | |
| assignee: | Fuel Infra Apps (fuel-infra-apps) → Alexander Lomski (aliaksandr-lomski) |
| Changed in fuel: | |
| status: | Confirmed → In Progress |
Revision history for this message
| Fuel Devops McRobotson (fuel-devops-robot) wrote Fix merged to fuel-infra/packages/python-django-racks (master) | #1 |
| Changed in fuel: | |
| status: | In Progress → Fix Committed |
To post a comment you must log in.
Reviewed: https:/
Submitter: Alexander Charykov <email address hidden>
Branch: master
Commit: 614e8f4cbc02ed5
Author: Alexander Lomski <email address hidden>
Date: Tue Jul 5 08:25:30 2016
Automatic transparent symmetric encryption for password fields.
Password fields (`api_key` for Jenkins Instances, `ipmi_password` for
Inventory Objects) are encrypted in the database using symmetric
encryption based on server's SECRET_KEY.
Search by contents of IPMI password field has been disabled, IPMI host
and username are still searchable.
Closes-Bug: #1572573
Change-Id: I23b1e1907e9a00