-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
4.0
-
MOODLE_400_STABLE
There is a growing need to have a consistent way of managing security related credentials inside the db in a more robust way. There is probably at least a dozen tables that manage their own passwords which have reinvented things themselves, and with broad spectrum of how they handle things.
I'd call this something like a 'vault api' and it would cover a few related tasks:
1) generating / rolling / revoking passwords
2) creating private / public key cert pairs
3) managing all encrypted db fields consistently using private keys which are only on disk
4) rolling keys and gracefully migrating data
Tasks:
- validate_user_key / create_user_key / etc internally encrypt all keys
- blocks
-
MDL-79770 Custom Profile Fields: Encrypted Fields
- Open
- has a non-specific relationship to
-
MDL-69513 Add ability to add dkim signatures using phpmailer
- Closed
-
MDL-73088 Refactor /user/managetoken.php to allow all user keys to be managed and revoked
- Open
-
MDL-76640 Allow admin users to use user/managetoken.php safely like a normal user
- Development in progress
-
MDL-65818 Provide admin setting type for secure data (passwords/tokens)
- Closed