Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69801

Introduce a new generic private / public certificate + password / token manager api / Vault API

    XMLWordPrintable

Details

    • MOODLE_400_STABLE

    Description

      There is a growing need to have a consistent way of managing security related credentials inside the db in a more robust way. There is probably at least a dozen tables that manage their own passwords which have reinvented things themselves, and with broad spectrum of how they handle things.

      I'd call this something like a 'vault api' and it would cover a few related tasks:

      1) generating / rolling / revoking passwords

      2) creating private / public key cert pairs

      3) managing all encrypted db fields consistently using private keys which are only on disk

      4) rolling keys and gracefully migrating data

       

      Tasks:

      • validate_user_key / create_user_key / etc internally encrypt all keys

       

      Attachments

        Issue Links

          has a non-specific relationship to

          New Feature - A new Moodle feature which has yet to be developed. MDL-69513 Add ability to add dkim signatures using phpmailer

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Improvement - An enhancement to an existing Moodle feature. MDL-65818 Provide admin setting type for secure data (passwords/tokens)

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Activity

            People

              Unassigned Unassigned
              brendanheywood Brendan Heywood
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Stevani Andolo, Jake Dallimore, Mathew May, Mihail Geshoski
              Votes:
              7 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated: