Releasing Docker Image

[alexyao2015]

Are there any harms/dangers to security with releasing a BitBetter image along with the private keys? It appears that the certificate is used solely for licensing which should not impact security.

This would make running the image easier with simply a change to the docker-compose.override.

The same could be said with the license gen.

[JeffAlyanak]

It shouldn't constitute a security issue, so this is a possibility.

[GieltjE]

Might not be beneficial in the end, we could easily create a docker image that generates them if they do not excist and the might patch future updates to block a specific key and screw everyone using it over. However releasing docker images should not be too dificult, it just needs weighing against the current setup (we now have an update script since the most recent patches which should solve a lot of issues.

[JeffAlyanak]

@GieltjE I'll leave this issue open for now as we get some feedback from the new patches and then we can decide from there whether we ought to tackle docker images.

[alexyao2015]

Take a look here. This is setup to automatically update Bitwarden images upon release and has the ability to automatically regenerate certificates if necessary.

[captainhook]

I'm not a fan of shared keys, even if they are only for licensing. This would allow anyone to obtain a valid license against someone's public instance with registration enabled - not sure why anyone would do that and it's an unlikely case but regardless it does leave that hole open.

If we do it such that keys are generated and stored on a mounted volume at first run that would avoid such a security issue.

@alexyao2015 nice work with the docker change... perhaps you could adapt your change to do what I've mentioned above instead of carrying a fixed private key, what do you reckon?

[alexyao2015]

And... Done!

[JeffAlyanak]

I'm not a fan of shared keys, even if they are only for licensing. This would allow anyone to obtain a valid license against someone's public instance with registration enabled - not sure why anyone would do that and it's an unlikely case but regardless it does leave that hole open.

It's not a security issue, as a registered user has to log in to apply the license and applying the license wouldn't grant them any additional privileges that they didn't already have aside from unlocking features.

There is a minor downside to using unique keys generated at build time. If the user loses their keys after building their instance they'll be unable to generate new licenses without rebuilding their image.

[alexyao2015]

The nice thing about this is there is no need to rebuild the image for certificate replacements. It automatically replaces the certificate at runtime. Either way, there are two different images provided there to satisfy both people.

[JeffAlyanak]

The nice thing about this is there is no need to rebuild the image for certificate replacements. It automatically replaces the certificate at runtime. Either way, there are two different images provided there to satisfy both people.

It recompiles the Core.dll with the new cert at runtime?

[alexyao2015]

That's correct.

[alexyao2015]

There's no real work to be done anymore. There is nothing manual to do since it is all done automatically now. See here and here

[sutidor]

@alexyao2015 can I safely use this, when BitBetter was previously installed and there are organisations already?

[alexyao2015]

Yep! It will automatically generate and store new certificates in the bwdata folder if you use the custom image. If you are already using BitBetter, you can copy over your existing certificates for a seamless migration. Alternatively, you can use the prebuilt images with public keys and generate your own licenses from there. If you decide to let it generate new certificates, Bitwarden will invalidate any old licenses you have installed. You will then just need to generate and install a new license.

[sutidor]

Since I messed up this time... Which keys are the ones to preserve in order to keep licenses intact, bwdata/bitbetter/ ones? Also I suppose that if I run the container once with wrong keys, the orgs are invalidated, even if I restore the correct ones, right?

[alexyao2015]

It should be in .keys.

The organization itself will not be invalidated. Just the licenses for it. Really not a big deal to start over with new keys. Just need to go in and generate new licenses.

[h44z]

Closed due to inactivity.