Skip to content

[DON'T- MERGE]Add the design for the API to help rotate secret. #259

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[DON'T- MERGE]Add the design for the API to help rotate secret. #259

wants to merge 2 commits into from

Conversation

reasonerjt
Copy link
Contributor

It decrypt the data with the old key and encrypt using the new key

@reasonerjt
Add the design for the API to help rotate secret.
85f35e4 
It decrypt the data with the old key and encrypt using the new key

Signed-off-by: Daniel Jiang <[email protected]>
@reasonerjt reasonerjt requested review from a team as code owners February 19, 2025 13:03
@reasonerjt reasonerjt assigned wy65701436 and stonezdj and unassigned zyyw Feb 19, 2025
Vad1mo
Vad1mo approved these changes Feb 25, 2025
View reviewed changes
Copy link
Member

@Vad1mo Vad1mo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good thing to have

reasonerjt
reasonerjt commented Mar 3, 2025
View reviewed changes
proposals/new/rotate-secret-key-api.md
mentioned. If the API is called with `skip_oidc_secret` set to `true`, the OIDC secrets will not be usable after the secret key is
updated, and the user will need to manually update the OIDC secret via Harbor's UI.

### Implementation
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately, I found an issue when testing the code.
Harbor has been using AES256-CFB to encrypt/decrypt the data, and if the user provides an incorrect key as "current_secret_key" to decrypt the data, there seems no good way to detect it. Therefore, if the user passes a wrong key when calling the API, the wrong data will be persisted and it will be very hard to recover.

This seems a bit too dangerous even though we expect it to be used only by system admin.

@reasonerjt reasonerjt changed the title Add the design for the API to help rotate secret. [DON'T- MERGE]Add the design for the API to help rotate secret. Mar 3, 2025
@reasonerjt reasonerjt mentioned this pull request Mar 4, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Vad1mo Vad1mo Vad1mo approved these changes

@stonezdj stonezdj stonezdj approved these changes

At least 3 approving reviews are required to merge this pull request.

Assignees

@Vad1mo Vad1mo

@stonezdj stonezdj

@wy65701436 wy65701436

@MinerYang MinerYang

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@reasonerjt @Vad1mo @stonezdj @wy65701436 @zyyw @MinerYang