Open chessbyte opened 4 years ago
Fryguy
commented
4 years ago We'd need an abstraction over the current authentications and endpoints tables so that the code changes aren't too drastic. We'd also have to solve relationships somehow so we know which provider/host/vm/region belongs to which authentication.
One approach may be to keep a placeholder authentication record, with something describing that it lives in an external vault system under a particular key
Fryguy
commented
4 years ago I'm pretty sure a majority, if not all, of the passwords live in the authentications table. If not, we'll need to move those over. Only one I can think of that may not be are http proxy passwords, which are part of the settings (even though encrypted). @jrafanie @bdunne are you aware of any others?
jrafanie
commented
4 years ago We have a whole list of them in the settings walker: https://github.com/ManageIQ/manageiq/blob/98d2ee960082f65cb63ad597d54e9c84a3ee6ffa/lib/vmdb/settings_walker.rb#L3
Besides those, the authentications table, and the various tokens we generate and store in the miq_databases row, I am not aware of any other passwords stored in the db.
miq-bot
commented
1 year ago This issue has been automatically marked as stale because it has not been updated for at least 3 months.
If you can still reproduce this issue on the current release or on master, please reply with all of the information you have about it in order to keep the issue open.
Thank you for all your contributions! More information about the ManageIQ triage process can be found in the triage process documentation.
miq-bot
commented
1 year ago This issue has been automatically closed because it has not been updated for at least 3 months.
Feel free to reopen this issue if this issue is still valid.
Thank you for all your contributions! More information about the ManageIQ triage process can be found in the triage process documentation.
Should consider making plugins for