Updating Platform Certificates leaves Root_CA/ICA private key in unencrypted form
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | Low | Marcelo de Castro Loebens | |
Bug Description
Brief Description
-----------------
The playbook that migrates certificates to cert-manager leaves a temporary file with specs for the certificate issuer. This file contains sensitive data about the issuer and should be handled with care and deleted when it isn't required anymore.
Severity
--------
Minor.
Steps to Reproduce
------------------
- Follow the steps in https:/
- List the files inside '/tmp' folder. Observe that the playbook created the file 'platform_
Expected Behavior
------------------
After the execution of the playbook, the file should be deleted.
Actual Behavior
----------------
File is created and readable by any logged-in user.
Reproducibility
---------------
100%.
System Configuration
-------
Simplex.
Branch/Pull Time/Commit
-------
Master.
Last Pass
---------
NA.
Timestamp/Logs
--------------
NA
Test Activity
-------------
Developer Testing
Workaround
----------
Remove the file manually.
Changed in starlingx:
assignee: nobody → Marcelo de Castro Loebens (mdecastr)
information type: Public → Public Security
Changed in starlingx:
status: New → In Progress
Changed in starlingx:
importance: Undecided → Low
tags: added: stx.security
tags: added: stx.9.0
description: updated
Review: https://review.opendev.org/c/starlingx/ansible-playbooks/+/874801
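
One way a playbook can avoid the leftover file described in this report, shown as an added example that is not the StarlingX playbook or the change under review. The `issuer_spec` variable, its environment-variable source and the `kubectl apply` step are assumptions for illustration.

```yaml
# Added example, not the StarlingX playbook. issuer_spec, ISSUER_SPEC_YAML and
# the kubectl step are hypothetical stand-ins for the real migration tasks.
- name: Apply a certificate issuer spec without leaving it on disk
  hosts: localhost
  gather_facts: false
  vars:
    issuer_spec: "{{ lookup('ansible.builtin.env', 'ISSUER_SPEC_YAML') }}"
  tasks:
    - name: Handle the issuer spec in a private temporary file
      block:
        # tempfile uses mkstemp semantics: unpredictable name, owner-only mode
        - name: Create the temporary file
          ansible.builtin.tempfile:
            state: file
            prefix: issuer_spec_
            suffix: .yml
          register: issuer_tmp

        # no_log keeps the key material out of task output and logs
        - name: Write the spec, keeping owner-only permissions
          ansible.builtin.copy:
            content: "{{ issuer_spec }}"
            dest: "{{ issuer_tmp.path }}"
            mode: "0600"
          no_log: true

        - name: Apply the spec
          ansible.builtin.command:
            argv: [kubectl, apply, -f, "{{ issuer_tmp.path }}"]
          changed_when: true

      # always runs whether the block succeeded or failed part-way through
      always:
        - name: Remove the temporary file
          ansible.builtin.file:
            path: "{{ issuer_tmp.path }}"
            state: absent
          when: issuer_tmp.path is defined

        - name: Fail the play if the file is still present
          ansible.builtin.stat:
            path: "{{ issuer_tmp.path }}"
          register: leftover
          when: issuer_tmp.path is defined
          failed_when: leftover.stat.exists
```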