  1. Moodle
  2. MDL-69801

Introduce a new generic private / public certificate + password / token manager api / Vault API


Details

    • MOODLE_400_STABLE

    Description

      There is a growing need to have a consistent way of managing security-related credentials inside the db in a more robust way. There are probably at least a dozen tables that manage their own passwords which have reinvented things themselves, and with a broad spectrum of how they handle things.

      I'd call this something like a 'vault api' and it would cover a few related tasks:

      1) generating / rolling / revoking passwords

      2) creating private / public key cert pairs

      3) managing all encrypted db fields consistently using private keys which are only on disk

      4) rolling keys and gracefully migrating data

       

      Tasks:

      • validate_user_key / create_user_key / etc internally encrypt all keys
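
An added sketch of items 3) and 4) above, not code from the issue or from Moodle: each stored value carries the id of the key that encrypted it, so rows written under a retired key still decrypt while they are migrated to the current one. The class name `vault_sketch`, its methods, the `keyid:base64` storage format and the choice of libsodium's secretbox are all assumptions made for illustration.

```php
<?php
// Added example, not Moodle code: vault_sketch and its methods are hypothetical names.
final class vault_sketch {
    private $keys;     // key id => raw 32-byte key; ids must not contain ':'
    private $current;  // id of the key used for new writes

    public function __construct(array $keys, string $current) {
        if (!isset($keys[$current])) {
            throw new InvalidArgumentException('current key id is not in the key set');
        }
        $this->keys = $keys;
        $this->current = $current;
    }

    // Encrypt with the current key; the key id is stored alongside the ciphertext.
    public function encrypt(string $plain): string {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = sodium_crypto_secretbox($plain, $nonce, $this->keys[$this->current]);
        return $this->current . ':' . base64_encode($nonce . $box);
    }

    // Decrypt with the key the stored value names; throw on unknown key or tampering.
    public function decrypt(string $stored): string {
        [$id, $b64] = array_pad(explode(':', $stored, 2), 2, '');
        $raw = base64_decode($b64, true);
        $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
        if (!isset($this->keys[$id]) || $raw === false || strlen($raw) < $min) {
            throw new RuntimeException('unknown key id or malformed value');
        }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open($box, $nonce, $this->keys[$id]);
        if ($plain === false) {
            throw new RuntimeException('authentication failed');
        }
        return $plain;
    }

    // Re-encrypt a value held under a retired key; null means it is already current.
    public function migrate(string $stored): ?string {
        $iscurrent = strpos($stored, $this->current . ':') === 0;
        return $iscurrent ? null : $this->encrypt($this->decrypt($stored));
    }
}

// Constructed demo: keys are generated in memory here, not read from disk.
[$k1, $k2] = [sodium_crypto_secretbox_keygen(), sodium_crypto_secretbox_keygen()];
$row = (new vault_sketch(['k1' => $k1], 'k1'))->encrypt('constructed-secret');
$vault = new vault_sketch(['k1' => $k1, 'k2' => $k2], 'k2'); // key rolled to k2
$new = $vault->migrate($row);
var_dump($vault->decrypt($new) === 'constructed-secret', $vault->migrate($new));
```

Once a migration pass returns null for every row, the retired key can be dropped from the key set, after which any leftover value naming it fails closed in `decrypt()`.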

       


            People

              Unassigned Unassigned
              brendanheywood Brendan Heywood
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Stevani Andolo, Jake Dallimore, Mathew May, Mihail Geshoski
              Votes: 7
              Watchers: 11