inhumantsar / python-ansible-vault-rekey

Rolls keys and re-encrypts secrets in any repo using Ansible Vault

Possible leaking highly sensitive information #354

Open rkokkelk opened 3 years ago

rkokkelk commented 3 years ago

Delving into this project, I've encountered some implementation regarding the encrypting/decrypting of content and writing it to disk. The code currently writes all decrypted content to the backup directory by default and only allows the use of a password file; both result in content being available on the disk.

Additionally, the backup directory is used by default and is hidden by default, which can result in sensitive information being leaked for a considerable time if the application fails before the backup directory is removed.

In my situation, passwords or unencrypted vault content may never be written to disk, and rekeys therefore require in-memory-only computations. My proposal is therefore as follows:

1. Remove any disk IO functionality. All decrypted content is stored only in memory and is written to disk only once it is encrypted.
2. Allow for both password files or passwords in mem such as environment variable or STDIN.

I'm interested in your opinions regarding this implementation.
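As an added example (not code from this repository), here is the shape the proposal above describes in Python: the password comes from a password file, an environment variable or STDIN; decrypted content exists only in memory; and the only bytes that reach disk are the new ciphertext, placed with an atomic rename so a failure leaves neither a backup directory nor a half-written vault. The cipher is a constructed stand-in built on the standard library (PBKDF2 plus an HMAC keystream) so the block runs without Ansible installed; it is not the Ansible Vault format, and in the real tool the `encrypt`/`decrypt` callables would be backed by `ansible.parsing.vault.VaultLib`. The names `read_password`, `rekey_in_memory`, `standin_encrypt`, `standin_decrypt` and the `VAULT_PASSWORD` variable are assumptions for this example.

```python
import hashlib
import hmac
import os
import sys
import tempfile
from pathlib import Path
from typing import Callable, Optional

# ---- Password sources: file, environment variable, or STDIN (proposal item 2) ----

def read_password(env_var: str = "VAULT_PASSWORD",
                  password_file: Optional[Path] = None,
                  stdin=None) -> bytes:
    """Return the vault password without creating any file: an explicit password
    file wins, then the environment variable, then one line read from STDIN."""
    if password_file is not None:
        return password_file.read_bytes().strip()
    value = os.environ.get(env_var)
    if value:
        return value.encode()
    stream = sys.stdin if stdin is None else stdin
    line = stream.readline()
    if not line:
        raise ValueError("no vault password supplied via file, environment or STDIN")
    return line.rstrip("\r\n").encode()

# ---- Constructed stand-in cipher (NOT Ansible Vault; VaultLib would replace it) ----

_STANDIN_HEADER = b"$STANDIN_CIPHER;1.0\n"

def _keystream(key: bytes, salt: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, salt + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def _derive(password: bytes, salt: bytes):
    key = hashlib.pbkdf2_hmac("sha256", password, salt, 10_000, dklen=64)
    return key[:32], key[32:]  # encryption key, MAC key

def standin_encrypt(plaintext: bytes, password: bytes) -> bytes:
    salt = os.urandom(16)
    enc_key, mac_key = _derive(password, salt)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, salt, len(plaintext))))
    tag = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    return _STANDIN_HEADER + (salt + body + tag).hex().encode()

def standin_decrypt(vaulttext: bytes, password: bytes) -> bytes:
    if not vaulttext.startswith(_STANDIN_HEADER):
        raise ValueError("not a stand-in vault blob")
    raw = bytes.fromhex(vaulttext[len(_STANDIN_HEADER):].decode())
    salt, body, tag = raw[:16], raw[16:-32], raw[-32:]
    enc_key, mac_key = _derive(password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, salt + body, hashlib.sha256).digest()):
        raise ValueError("wrong password or corrupted vault")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, salt, len(body))))

# ---- In-memory rekey with ciphertext-only, atomic disk writes (proposal item 1) ----

CipherFn = Callable[[bytes, bytes], bytes]

def rekey_in_memory(path: Path, old_password: bytes, new_password: bytes,
                    decrypt: CipherFn = standin_decrypt,
                    encrypt: CipherFn = standin_encrypt) -> None:
    """Decrypt into memory, re-encrypt under the new password, and replace the
    file atomically. No backup directory and no plaintext temp file are created."""
    plaintext = decrypt(path.read_bytes(), old_password)  # exists only in this frame
    new_blob = encrypt(plaintext, new_password)
    del plaintext  # Python cannot zero immutable bytes; the guarantee here is about disk, not RAM
    # mkstemp creates the file 0600 in the vault's own directory so the rename is atomic.
    fd, tmp_name = tempfile.mkstemp(dir=path.parent, prefix=f".{path.name}.")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(new_blob)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp_name, path)  # a crash leaves the old vault or the new one, never half of either
    finally:
        Path(tmp_name).unlink(missing_ok=True)  # only still present if something above failed

if __name__ == "__main__":
    # Usage sketch: OLD_VAULT_PASSWORD=... NEW_VAULT_PASSWORD=... python rekey.py vault.yml
    # (or supply each password as one STDIN line when the variable is unset).
    target = Path(sys.argv[1])
    rekey_in_memory(target,
                    read_password(env_var="OLD_VAULT_PASSWORD"),
                    read_password(env_var="NEW_VAULT_PASSWORD"))
```

The temp-file-plus-`os.replace` pattern is what removes the window the issue describes: there is never a moment where plaintext sits in a directory waiting for cleanup, and an interrupted run leaves only ciphertext behind. Note that the resulting file keeps mkstemp's 0600 mode rather than the original vault's mode, which is usually what you want for a vault file.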

inhumantsar commented 3 years ago

Sounds like a great plan. This was a quick and dirty solution which never received much attention. Glad to have a critical eye on it.

On Wed., Dec. 30, 2020, 3:13 p.m. RoyK, notifications@github.com wrote:
