Details
- Type: Improvement
- Status: Open
- Priority: Minor
- Resolution: Unresolved
- Affects Version/s: 4.0
- Fix Version/s: None
- Component/s: Administration, Authentication
- Labels:
- Affected Branches: MOODLE_400_STABLE
Description
There is a growing need to have a consistent way of managing security-related credentials inside the db in a more robust way. There are probably at least a dozen tables that manage their own passwords which have reinvented things themselves, and with a broad spectrum of how they handle things.
I'd call this something like a 'vault api' and it would cover a few related tasks:
1) generating / rolling / revoking passwords
2) creating private / public key cert pairs
3) managing all encrypted db fields consistently using private keys which are only on disk
4) rolling keys and gracefully migrating data
Tasks:
- validate_user_key / create_user_key / etc internally encrypt all keys
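
A sketch of what items 3) and 4) could look like, added here as an illustration and not taken from Moodle or from the issue author: each stored value carries a key id, so rows written under an old key stay readable while they are migrated to the active key. The function names (`vault_encrypt`, `vault_decrypt`, `vault_rotate`), the `v1:<keyid>:` storage format and the key ids are assumptions; the code uses PHP's bundled sodium extension.

```php
<?php
// Added illustration, not Moodle code. All function names and the storage
// format "v1:<keyid>:<base64(nonce || ciphertext)>" are hypothetical.
// Key ids must not contain ':'.

function vault_encrypt(string $plain, array $keys, string $activeid): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = sodium_crypto_secretbox($plain, $nonce, $keys[$activeid]);
    return 'v1:' . $activeid . ':' . base64_encode($nonce . $box);
}

function vault_decrypt(string $stored, array $keys): string {
    $parts = explode(':', $stored, 3);
    if (count($parts) !== 3 || $parts[0] !== 'v1' || !isset($keys[$parts[1]])) {
        throw new RuntimeException('Unknown format or retired key id');
    }
    $raw = base64_decode($parts[2], true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $keys[$parts[1]]);
    if ($plain === false) {
        throw new RuntimeException('Authentication failed'); // tampered or wrong key
    }
    return $plain;
}

// Re-encrypt only values not already under the active key.
// Returns [value to store, whether the row needs an UPDATE].
function vault_rotate(string $stored, array $keys, string $activeid): array {
    if (strpos($stored, "v1:$activeid:") === 0) {
        return [$stored, false];
    }
    return [vault_encrypt(vault_decrypt($stored, $keys), $keys, $activeid), true];
}

// Constructed demo. In practice the keys would be read from files on disk,
// never from the database that holds the ciphertext.
$keys = ['2023a' => sodium_crypto_secretbox_keygen()];
$row = vault_encrypt('s3cret-token', $keys, '2023a');
$keys['2024a'] = sodium_crypto_secretbox_keygen(); // add new key, keep old for reads
[$row, $changed] = vault_rotate($row, $keys, '2024a');
unset($keys['2023a']);                              // retire old key after migration
echo vault_decrypt($row, $keys), ' rotated=', var_export($changed, true), PHP_EOL;
```

Because `vault_rotate` is idempotent, a migration task can run in batches and be interrupted safely; the old key is removed from disk only once no row still carries its id.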