PSK in the VPNAAS is stored/displayed in Plain text
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron | Won't Fix | High | Unassigned | | |
Bug Description
Pre-shared key for the vpnaas is stored in plain text.
/var/lib/
# Configuration for myvpn1
$Site_Address $Peer_address : PSK "secret"
and also when we perform neutron ipsec-site-
-------
| Field | Value |
+------
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 981ebe4c-
| ikepolicy_id | a8d616f9-
| initiator | bi-directional |
| ipsecpolicy_id | 4fc920e8-
| mtu | 1500 |
| name | vpnconnection2 |
| peer_address | 1$Peer_address |
| peer_cidrs | $Peer_cidr |
| peer_id | $peer_id |
| psk | secret |
| route_mode | static |
| status | ACTIVE |
| tenant_id | d209c7ac08304ff
| vpnservice_id | 9d550160-
+------
secret is the psk for the ipsec site connection.
Should it not be in the encrypted format?
This is a known issue, and the PSK should be in Barbican according to the discussion about service cred management.
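Until the key lives in a secret store, the two exposures described in the report can at least be audited and contained. The following is an added example, not code from the report or from neutron: it flags secrets files that carry an inline PSK or are readable beyond the owner, and masks the `psk` row before table output is logged or pasted. The file name `ipsec.secrets`, the function names and the sample data are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Secrets line in the shape quoted in the report:  <local> <peer> : PSK "<key>"
PSK_LINE = re.compile(
    r'^(?P<ids>[^#]*?)\s*:\s+PSK\s+(?P<q>["\']?)(?P<key>.+?)(?P=q)\s*$')
# The "psk" row of the CLI table output quoted in the report.
PSK_ROW = re.compile(r'^(\|[ \t]*psk[ \t]*\|[ \t]*)(\S.*?)([ \t]*\|)[ \t]*$', re.M)


def audit_secrets_file(path):
    """Report loose file modes and inline PSKs; the key itself is never echoed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:04o} is open to group/other")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            m = PSK_LINE.match(line.strip())
            if m:
                findings.append(f"{path}:{lineno}: plaintext PSK for "
                                f"'{m['ids'].strip()}' ({len(m['key'])} chars)")
    return findings


def redact_psk_row(table_text):
    """Mask the psk value before table output is logged or pasted into a ticket."""
    return PSK_ROW.sub(r'\1<redacted>\3', table_text)


# Constructed sample data (documentation addresses, made-up key).
SAMPLE_SECRETS = ('# Configuration for myvpn1\n'
                  '192.0.2.10 198.51.100.20 : PSK "constructed-example-key"\n')
SAMPLE_TABLE = ('| auth_mode | psk |\n'
                '| psk | constructed-example-key |\n'
                '| route_mode | static |\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ipsec.secrets")   # hypothetical file name
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_SECRETS)
        os.chmod(path, 0o644)
        print("\n".join(audit_secrets_file(path)))
    print(redact_psk_row(SAMPLE_TABLE))
```

Tightening the file mode only limits who on the host can read the key; the key is still stored in clear text, which is the concern the report raises.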