cloudstack-issues mailing list archives

From "Radhika Nair (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-1743) No Section on About Password and Key Encryption Though Multiple References Appear in the Install Guide
Date Wed, 20 Mar 2013 14:25:16 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-1743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Radhika Nair updated CLOUDSTACK-1743:
-------------------------------------

    Priority: Minor  (was: Major)
    
> No Section on About Password and Key Encryption Though Multiple References Appear in the Install Guide
> ------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-1743
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1743
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Doc
>    Affects Versions: 4.0.1
>            Reporter: Radhika Nair
>            Priority: Minor
>             Fix For: 4.2.0
>
>
> The following section is missing in the Install Guide:
> <section id="about-password-encryption">
>   <title>About Password and Key Encryption</title>
>   <para>&PRODUCT; stores several sensitive passwords and secret keys that are used to provide
>     security. These values are always automatically encrypted:</para>
>   <itemizedlist>
>     <listitem>
>       <para>Database secret key</para>
>     </listitem>
>     <listitem>
>       <para>Database password</para>
>     </listitem>
>     <listitem>
>       <para>SSH keys</para>
>     </listitem>
>     <listitem>
>       <para>Compute node root password</para>
>     </listitem>
>     <listitem>
>       <para> VPN password</para>
>     </listitem>
>     <listitem>
>       <para>User API secret key</para>
>     </listitem>
>     <listitem>
>       <para>VNC password</para>
>     </listitem>
>   </itemizedlist>
>   <para>&PRODUCT; uses the Java Simplified Encryption (JASYPT) library. The data values are
>     encrypted and decrypted using a database secret key, which is stored in one of &PRODUCT;’s
>     internal properties files along with the database password. The other encrypted values listed
>     above, such as SSH keys, are in the &PRODUCT; internal database.</para>
>   <para>Of course, the database secret key itself can not be stored in the open – it must be
>     encrypted. How then does &PRODUCT; read it? A second secret key must be provided from an
>     external source during Management Server startup. This key can be provided in one of two ways:
>     loaded from a file or provided by the &PRODUCT; administrator. The &PRODUCT; database has a new
>     configuration setting that lets it know which of these methods will be used. If the encryption
>     type is set to “file,” the key must be in a file in a known location. If the encryption type is
>     set to “web,” the administrator runs the utility
>     com.cloud.utils.crypt.EncryptionSecretKeySender, which relays the key to the Management Server
>     over a known port.</para>
>   <para>The encryption type, database secret key, and Management Server secret key are set during
>     &PRODUCT; installation. They are all parameters to the &PRODUCT; database setup script
>     (cloud-setup-databases). The default values are file, password, and password. It is, of course,
>     highly recommended that you change these to more secure keys.</para>
> </section>

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
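
The two-level key arrangement described in the quoted section, sketched with Jasypt's StandardPBEStringEncryptor. This is an added example, not CloudStack code and not part of the original message; the class name, the constructed key strings and the default-key check are assumptions for illustration, and Jasypt's default algorithm is used because the message does not name one.

```java
// Added illustration; requires the Jasypt jar on the classpath.
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;

public class TwoTierKeyDemo {
    // The quoted section gives "password" as the default for both secret keys.
    static final String DEFAULT_KEY = "password";

    // Build an encryptor for a key, refusing the empty or documented default value.
    static StandardPBEStringEncryptor encryptorFor(String key) {
        if (key == null || key.isEmpty() || DEFAULT_KEY.equals(key)) {
            throw new IllegalArgumentException("refusing empty or default key");
        }
        StandardPBEStringEncryptor e = new StandardPBEStringEncryptor();
        e.setPassword(key); // Jasypt derives the cipher key from this string
        return e;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real secrets.
        String managementKey = "constructed-management-server-key";
        String databaseKey = "constructed-database-secret-key";
        String vncPassword = "constructed-vnc-password";

        // Setup time: the database secret key is stored only in encrypted
        // form (properties file), wrapped under the Management Server key.
        String wrappedDbKey = encryptorFor(managementKey).encrypt(databaseKey);
        // Sensitive values in the database are encrypted under the database key.
        String storedVnc = encryptorFor(databaseKey).encrypt(vncPassword);

        // Startup: the Management Server key arrives from an external source
        // (key file or administrator), unwraps the database key, and the
        // database key then decrypts the stored values.
        String unwrappedDbKey = encryptorFor(managementKey).decrypt(wrappedDbKey);
        String recovered = encryptorFor(unwrappedDbKey).decrypt(storedVnc);
        System.out.println("round trip ok: " + vncPassword.equals(recovered));

        // A deployment left on the default key fails this check.
        try {
            encryptorFor(DEFAULT_KEY);
        } catch (IllegalArgumentException ex) {
            System.out.println("default key rejected: " + ex.getMessage());
        }
    }
}
```

Every stored value is only as well protected as the outermost key, so a Management Server key left at its default lets anyone who knows that default unwrap the database key and everything beneath it.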
