Feature #2929

Generate CR encryption key during package installation

Added by Dominic Cleal almost 5 years ago. Updated 7 days ago.

Status:Closed
Priority:Normal
Assignee:Dominic Cleal
Category:Packaging
Target version:1.5.0
Difficulty: Team Backlog:
Triaged: Fixed in Releases:
Bugzilla link: Found in Releases:
Pull request:

Description

In #2424, compute resource passwords gained the ability to be encrypted. This requires that a key is generated and existing passwords are encrypted via the new rake tasks.

rake security:generate_encryption_key     # Generate new encryption key
rake db:compute_resources:decrypt # Decrypt compute resource fields
rake db:compute_resources:encrypt # Encrypt compute resource fields

The generate task creates a key at ~foreman/config/initializers/encryption_key.rb but I suggest for the purposes of packaging, we move this to /etc/foreman after it's created and symlink it back into place. Ensure permissions are tight.


Related issues

Related to Foreman - Feature #2424: encrypt compute resource password Closed 04/24/2013

Associated revisions

Revision c5f9c1ac
Added by Dominic Cleal over 4 years ago

refs #2929 - generate encryption key and encrypt data in postinstall

Revision fab676e8
Added by Dominic Cleal over 4 years ago

fixes #2929 - generate encryption key and encrypt data in postinstall

History

#1 Updated by Dominic Cleal almost 5 years ago

  • Related to Feature #2424: encrypt compute resource password added

#2 Updated by Dominic Cleal almost 5 years ago

  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal

#3 Updated by Lukas Zapletal almost 5 years ago

  • Target version changed from 1.3.0 to 1.4.0

#4 Updated by Greg Sutcliffe almost 5 years ago

  • Target version deleted (1.4.0)

#5 Updated by Dmitri Dolguikh over 4 years ago

  • Target version set to 1.10.0

#6 Updated by Dominic Cleal over 4 years ago

  • Target version changed from 1.10.0 to 1.9.3

#7 Updated by Dmitri Dolguikh over 4 years ago

  • Target version deleted (1.9.3)

#8 Updated by Dmitri Dolguikh over 4 years ago

  • Target version set to 1.9.0

#10 Updated by Dominic Cleal over 4 years ago

  • Status changed from Assigned to Ready For Testing

#11 Updated by Dmitri Dolguikh over 4 years ago

  • Target version changed from 1.9.0 to 1.8.4

#12 Updated by Dominic Cleal over 4 years ago

  • Legacy Backlogs Release (now unused) set to 4

#13 Updated by Lukas Zapletal over 4 years ago

  • Status changed from Ready For Testing to Closed

Merged as fab676e.

Also available in: Atom PDF