haproxytech / haproxy-consul-connect

HaProxy Connector for Consul Connect. Enables Service Mesh with Consul and HaProxy using TLS and Consul Discovery
Apache License 2.0

FEATURE/MEDIUM: userList: generate random secure password #47

Closed amelhusic closed 4 years ago

amelhusic commented 4 years ago

This change removes the previously hard-coded password ("insecure-password" in HAProxy config) usage and instead uses a hashed password ("password"). So, on every start-up a random password is generated, hashed and then saved to the HAProxy conf. The generated password is stored in memory, while the hashed password is saved to the HAProxy conf.

amelhusic commented 4 years ago

This is related to https://github.com/haproxytech/haproxy-consul-connect/issues/12

ShimmerGlass commented 4 years ago

I don't think hashing the password is needed here. b64 should only output chars compatible with the config file format and hashing doesn't add entropy to the generated string. Otherwise LGTM.

amelhusic commented 4 years ago

If we remove hashing func, then we need to use insecure-password again. From the issue https://github.com/haproxytech/haproxy-consul-connect/issues/12:

One possible simple solution would be to generate a strong crypto-random password for HAProxy on every startup so it's only in-memory in the consul-haproxy process and passed through to HAProxy. I guess the Config is written to disk so I'd suggest using the secure (hashed) password config to pass it through and hashing the random password in consul-haproxy. That way you can have high confidence that the only process able to configure the proxy is the same consul-haproxy process that started it.

My understanding from the above is that the generated password should be in memory and the encrypted password saved to disk. What do you think?

EDIT: After rethinking this, I also think we don't need a password. Also, usage of a password will affect CPU usage according to the docs. So, I removed the hashing func.

ShimmerGlass commented 4 years ago

LGTM
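
The approach the thread settles on (a fresh crypto-random password per start, base64-encoded and written with `insecure-password`, no hashing), as an added example that is not code from this PR or from the project. The function names and the `controller` / `admin` userlist and user names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// newPassword returns nBytes from the OS CSPRNG, base64url-encoded without
// padding, so the result contains only [A-Za-z0-9_-].
func newPassword(nBytes int) (string, error) {
	buf := make([]byte, nBytes)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// configSafe rejects empty tokens and any character that could split or
// comment out a config line (whitespace, '#', quotes, backslash, ...).
func configSafe(s string) bool {
	for _, c := range []byte(s) {
		alnum := c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9'
		if !alnum && c != '-' && c != '_' {
			return false
		}
	}
	return s != ""
}

// renderUserlist builds the userlist section. The section and user names are
// hypothetical; "insecure-password" is HAProxy's keyword for a plaintext value.
func renderUserlist(list, user, pw string) (string, error) {
	if !configSafe(list) || !configSafe(user) || !configSafe(pw) {
		return "", errors.New("token not safe for HAProxy config")
	}
	return fmt.Sprintf("userlist %s\n    user %s insecure-password %s\n", list, user, pw), nil
}

func main() {
	pw, err := newPassword(32) // 256 bits, regenerated on every start
	if err != nil {
		panic(err)
	}
	cfg, _ := renderUserlist("controller", "admin", pw)
	fmt.Print(cfg)
}
```

Because `insecure-password` puts the plaintext value in the generated config, the file it is written to should be readable only by the connector and the HAProxy process it starts.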