search

gaborcsardi / secret

:closed_lock_with_key: Secure sharing of sensitive information in R packages
Other
102 stars 16 forks source link

Regenerate the key when changing a secret #10

Closed andrie closed 7 years ago

andrie commented 7 years ago

When changing the secret, it's key is not changed, which is an error if a user of that secret was deleted.

andrie commented 7 years ago

I couldn't replicate.

@gaborcsardi Can you please provide more information on how to reproduce this behaviour?

I tried:

dir.create("vault")
create_vault("vault")
list_secrets("vault")
add_github_user("andrie", vault = "vault")
add_github_user("hadley", vault = "vault")
list_users("vault")
add_secret("iris", iris, users = "github-andrie", vault = "vault")
share_secret("iris", users = "github-hadley", vault = "vault")
delete_user("github-hadley", vault = "vault")
update_secret("iris", mtcars, vault = "vault")
list_secrets("vault")
get_secret("iris", vault = "vault")
gaborcsardi commented 7 years ago

@andrie You are right, it seems that there are no problems here.

Security is a delicate matter, though, so let me try to understand why. :)

gaborcsardi commented 7 years ago

@andrie There is a problem, actually. The test case in 86bdb8dfeb2aad8eb839bbfd2a6beccdeba9f9b4 explains why.

It is easy to fix it, though.