[MDL-69801] Introduce a new generic private / public certificate + password / token manager api / Vault API - Moodle Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 4.0
Fix Version/s: None
Component/s: Administration, Authentication
Labels:
- security_benefit

Affected Branches:
MOODLE_400_STABLE

Description

There is a growing need to have a consistent way of managing security related credentials inside the db in a more robust way. There is probably at least a dozen tables that manage their own passwords which have reinvented things themselves, and with broad spectrum of how they handle things.

I'd call this something like a 'vault api' and it would cover a few related tasks:

1) generating / rolling / revoking passwords

2) creating private / public key cert pairs

3) managing all encrypted db fields consistently using private keys which are only on disk

4) rolling keys and gracefully migrating data

Tasks:

validate_user_key / create_user_key / etc internally encrypt all keys

Attachments

Issue Links

has a non-specific relationship to

MDL-69513 Add ability to add dkim signatures using phpmailer

Closed

MDL-65818 Security: Provide admin setting type for secure data (passwords/tokens)

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Brendan Heywood

Participants:: Brendan Heywood

Component watchers:: Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan

Votes:: 6 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 26/Sep/20 9:25 AM

Updated:: 07/Oct/20 11:45 AM