Encrypt SecHub configuration in Database - Githubissues

mercedes-benz / sechub

SecHub provides a central API to test software with different security tools.

https://mercedes-benz.github.io/sechub/

MIT License

259 stars 58 forks source link

Encrypt SecHub configuration in Database #3263

Open de-jcup opened 2 days ago

de-jcup commented 2 days ago

Situation

Currently the user configuration is not encrypted.

With #837 we have now some security helper classes which provide a secure way to handle this.

:information_source: This is a sub issue of #3250

Wanted

We want user configuration data encrypted inside database. So user credentials inside configurations will be stored encrypted inside database

Solution

[ ] Introduce new table to hold encryption data for cluster (use concept created in epic #3250 )
[ ] Write migration sql flyway script - NONE encryption after migration
Handle all parts with encryption in SecHub database:
- [ ] Automatically update existing jobs which are done
- [ ] Startup phase blocks when a server does not support encryption / sanity check fails
- [ ] New jobs have automatically encrypted configuration