Epic: Encrypt sechub configuration #3250
de-jcup added a commit that referenced this issue Jun 27, 2024
This was referenced Jun 27, 2024
de-jcup changed the title "Encrypt sechub configuration in database" to "Encrypt sechub configuration in SecHub Database" Jul 2, 2024
de-jcup changed the title "Encrypt sechub configuration in SecHub Database" to "Epic: Encrypt sechub configuration" Jul 2, 2024
This was referenced Jul 2, 2024
de-jcup added a commit that referenced this issue Jul 12, 2024
- introduce schedule encryption service and other classes used at startup time and for encryption
- restrict access and storage, avoid using configuration when not absolutely necessary
- created dedicated job message which contains unencrypted configuration at runtime. Only one message uses this one -> clear not accidentally used on another code location
- created migration scripts, separated pool id generation for h2 and postgres because of binary type. Also postgres will migrate old data automatically to NoneCipher variant (means no real encryption, but admin will be able to rotate keys...)
- because of separation I moved the common sql scripts to dedicated folder (to avoid subfolder problems in flyway execution)
- enhanced unit tests + changed to junit5
- updated encryption concept documentation
- marked old unencrypted parts as deprecated
- job info for user uses decryption to provide meta data for users
- admin job info no longer contains config
- scan logs no longer contain config
de-jcup added a commit that referenced this issue Jul 12, 2024
- introduce schedule encryption service and other classes used at startup time and for encryption
- restrict access and storage, avoid using configuration when not absolutely necessary
- created dedicated job message which contains unencrypted configuration at runtime. Only one message uses this one -> clear not accidentally used on another code location
- created migration scripts, separated pool id generation for h2 and postgres because of binary type. Also postgres will migrate old data automatically to NoneCipher variant (means no real encryption, but admin will be able to rotate keys...)
- because of separation I moved the common sql scripts to dedicated folder (to avoid subfolder problems in flyway execution)
- enhanced unit tests + changed to junit5
- updated encryption concept documentation
- marked old unencrypted parts as deprecated
- job info for user uses decryption to provide meta data for users
- admin job info no longer contains config
- scan logs no longer contain config
- fixed gradle sub module naming problem
de-jcup added a commit that referenced this issue Jul 24, 2024
- added REST end point for admins to fetch encryption status of all domains
- added integration test for encryption rotation
- fixed integration tests problems with postgres #3322
- added developer admin ui actions
- added unit tests
- secret key factory now uses cipher information to setup algorithm of created secret key
de-jcup added a commit that referenced this issue Jul 25, 2024
- added unit tests
- added secure random secret key generator (base64) to developer tools
- improved secretkey provider factory
de-jcup added a commit that referenced this issue Jul 31, 2024
- wrote implementation for encryption cleanup
- schedule auto cleanup uses now also schedule encryption cleanup
- added unit tests
- added integration test for cipher pool data cleanup (inside existing JobScenario2IntTest)
de-jcup added a commit that referenced this issue Aug 1, 2024
- wrote implementation for encryption cleanup
- schedule auto cleanup uses now also schedule encryption cleanup
- added unit tests
- added integration test for cipher pool data cleanup (inside existing JobScenario2IntTest)
- fixed failing tests
- added rest documentation
de-jcup added a commit that referenced this issue Aug 1, 2024
- diagram simplified (more readable)
- documentation changes
- added undo scripts (flyway)
de-jcup added a commit that referenced this issue Aug 1, 2024
de-jcup added a commit that referenced this issue Aug 2, 2024
de-jcup added a commit that referenced this issue Aug 5, 2024
* SecHub
- described concept of data encryption #3250
- Introduced sechub-encryption #3273 + update bouncy castle version #3275
- encryption implementations are now inside own gradle sub module "sechub-encryption"
- refactored sechub encryption library #3274
- implemented data encryption inside SecHub #3250
- restricted access and storage, avoid using configuration when not absolutely necessary
- created dedicated job message which contains unencrypted configuration at runtime. Only one message uses this one -> clear not accidentally used on another code location
- created migration scripts, separated pool id generation for h2 and postgres because of binary type. Also postgres will migrate old data automatically to NoneCipher variant (means no real encryption, but admin will be able to rotate keys...)
- wrote tests
- introduced new usecases
- new REST APIs introduced
- added integration test for encryption rotation
- added developer admin ui actions
- auto cleanup does also auto clean old unused encryption pool data
- Scheduler now only executes for accepted encryption pool ids #3250
- Updated open api file for encryption parts #3250
* PDS
- implemented data encryption + documentation #3264
- NONE is default cipher encryption, means startup possible without encryption
- summary log service shows encryption algorithm
- handled encryption out of sync problems on PDS side and at SecHub side
Situation
SecHub configuration can contain sensitive data
Wanted
Sensitive data must be handled in a secured way
Solution
Inside this issue
Provide secure handling by sub issues: