Encrypt IPMI passwords in Racks

Bug #1572573 reported by Igor Shishkin on 2016-04-20
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Alexander Lomski

Bug Description


To secure IPMI data it would be really useful to encrypt passwords stored in Racks DB with any kind of symmetric block cipher.

Please encrypt IPMI's passwords with AES-CBC 128 bit with a key obtained from PBKDF2(Django's SECRET_KEY).
All cleartext passwords should be encrypted automatically by Racks.

information type: Private → Public
Changed in fuel:
status: New → Confirmed
importance: Undecided → Medium
milestone: 9.0 → 10.0
Changed in fuel:
assignee: Fuel Infra Apps (fuel-infra-apps) → Alexander Lomski (aliaksandr-lomski)
Changed in fuel:
status: Confirmed → In Progress

Reviewed: https://review.fuel-infra.org/22564
Submitter: Alexander Charykov <email address hidden>
Branch: master

Commit: 614e8f4cbc02ed5a45536f5df29044a3a059ea4a
Author: Alexander Lomski <email address hidden>
Date: Tue Jul 5 08:25:30 2016

Automatic transparent symmetric encryption for password fields.

Password fields (`api_key` for Jenkins Instances, `ipmi_password` for
Inventory Objects) are encrypted in the database using symmetric
encryption based on server's SECRET_KEY.

Search by contents of IPMI password field has been disabled, IPMI host
and username are still searchable.

Closes-Bug: #1572573
Change-Id: I23b1e1907e9a002f859e10e0d06604abb6e97dbd

Changed in fuel:
status: In Progress → Fix Committed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers