  1. Syncope
  2. SYNCOPE-1510

Allow to store encrypted schema's secret key externally

Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.1.6, 3.0.0-M0
    • Component/s: console, core, enduser
    • Labels: None

    Description

      An encrypted plain schema's secret key is used to encrypt the related attribute values.

      Currently, this key is stored alongside the other items of the plain schema's definition, such as the cipher algorithm.

      While functional, such an approach breaks some security compliance rules, as (1) the algorithm, (2) the secret key and (3) the encrypted value are all in the same place (Syncope's internal storage).

      We should introduce the possibility of storing at least the secret key in another place.

      Moreover, we could also consider, in the schema definition, a conversion pattern which, when set, allows the values to be decrypted (if the algorithm is compatible) for REST access; among other use cases, this would allow the related attributes to be edited transparently via Admin Console / Enduser UI.

          People

            ilgrosso Francesco Chicchiriccò
            ilgrosso Francesco Chicchiriccò