  1. Syncope
  2. SYNCOPE-1510

Allow to store encrypted schema's secret key externally

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.1.6, 3.0.0
    • Component/s: console, core, enduser
    • Labels:
      None

      Description

      An encrypted plain schema's secret key is used to encrypt the related attribute values.

      Currently, this key is stored alongside the plain schema's other definition items, such as the cipher algorithm.

      While functional, this approach breaks some security compliance rules, as the (1) algorithm, (2) secret key and (3) encrypted value are all in the same place (Syncope's internal storage).

      We should introduce the possibility to store at least the secret key in another place.

      Moreover, we could also consider, in the schema definition, a conversion pattern which, when set, allows the values to be decrypted (if the algorithm is compatible) for REST access; among other use cases, this would allow the related attributes to be edited transparently via the Admin Console / Enduser UI.

            People

            • Assignee:
              ilgrosso Francesco Chicchiriccò
              Reporter:
              ilgrosso Francesco Chicchiriccò
            • Votes:
              0
              Watchers:
              2
