Switch to AES-256-GCM encryption for secrets #3356

dmjb · 2024-05-17T09:15:12Z

[Ignore the name of the branch, this branch started out as something else originally]

This PR should not be merged until the changes in #3351 have been rolled out into production.

Use GCM encryption as the default encryption algorithm for Minder. At this
point, we now have a hard requirement to use the new EncryptedData structure in
the database - the old columns (for the access token, and for the redirect URL)
do not track the algorithm used and therefore they are not useful letting us know
which algorithm to use during decryption. As part of the migration away from the
old columns, I have made the following changes in this PR:

Make the old columns nullable
Stop writing to the old columns
Change all unit tests which relied on the old columns

Tested locally with a mix of new and old providers.

Summary

Provide a brief overview of the changes and the issue being addressed.
Explain the rationale and any background necessary for understanding the changes.
List dependencies required by this change, if any.

Fixes #(related issue)

Change Type

Mark the type of change your PR introduces:

Bug fix (resolves an issue without affecting existing features)
Feature (adds new functionality without breaking changes)
Breaking change (may impact existing functionalities or require documentation updates)
Documentation (updates or additions to documentation)
Refactoring or test improvements (no bug fixes or new functionality)

Testing

Outline how the changes were tested, including steps to reproduce and any relevant configurations.
Attach screenshots if helpful.

Review Checklist:

Reviewed my own code for quality and clarity.
Added comments to complex or tricky code sections.
Updated any affected documentation.
Included tests that validate the fix or feature.
Checked that related changes are merged.

stacklokbot

✅ No Invisible Unicode Characters Detected.

stacklokbot

✅ No Invisible Unicode Characters Detected.

stacklokbot

✅ No Mixed Scripts Detected.

stacklokbot

✅ No Invisible Unicode Characters Detected.

stacklokbot

✅ No Mixed Scripts Detected.

stacklokbot

✅ No Invisible Unicode Characters Detected.

stacklokbot

✅ No Mixed Scripts Detected.

stacklokbot

✅ No Invisible Unicode Characters Detected.

stacklokbot

✅ No Mixed Scripts Detected.

stacklokbot

✅ No Invisible Unicode Characters Detected.

stacklokbot

✅ No Mixed Scripts Detected.

coveralls · 2024-05-17T11:54:00Z

coverage: 51.915% (+0.03%) from 51.889%
when pulling 11285ae on random-salt
into beba799 on main.

Fixes #3317 Use GCM encryption as the default encryption algorithm for Minder. At this point, we now have a hard requirement to use the new EncryptedData structure in the database - the old columns (for the access token, and for the redirect URL) do not track the algorithm used. As part of the migration away from the old columns, I have made the following changes in this PR: 1. Make the old columns nullable 2. Stop writing to the old columns 3. Change all unit tests which relied on the old columns

jhrozek

I tested enrolling an OAuth provider with the old code and then using it with the new code as well as enrolling with the new code.
The change in migration looks saas-safe, too (we drop NULL, but the old code would still write non-null values).

-> ACK

dmjb requested a review from a team as a code owner May 17, 2024 09:15