Closed iokiwi closed 4 years ago
iokiwi: So someone checked out homeserver.yaml into github and all the secret keys were exposed. How do I go about rotating them and what are the implications?
Richard (@richard:wiedenhoeft.xyz): iokiwi: That's bad. First of all follow https://help.github.com/en/github/authenticating-to-github/removing-sensitive-data-from-a-repository to limit the damage. I don't know about the implications for your homeserver. Someone else should elaborate.
Of course you should change the secrets. I suggest doing that now and worrying about breakage of bridge, bots, etc. later.
Are your signing keys still uncompromised?
iokiwi: Richard, I think so, I will check. The homeserver is in its infancy so there are very few users, messages and data there. It will be fine to blow away the database and start again if necessary
Yeah signing keys are all good
Not checked in to github
Richard (@richard:wiedenhoeft.xyz): iokiwi: If users on your server are already in federated channels, starting from scratch may lead to problems
bromide_squeak: Richard: what exactly are the secrets to worry about?
Richard (@richard:wiedenhoeft.xyz): bromide_squeak: All of them. That's why they're secret.
iokiwi: that's a pain. I know at least my user is in federated channels to test that federation was working
Richard (@richard:wiedenhoeft.xyz): Leaving the channel may help. But nuking your homeserver is kind of the ultima ratio. I wouldn't start with that. Your priorities are: 1. Change the secret. 2. Clean the github repo. 3. Assess whether someone used the secrets (e.g. check database dumps for new and unknown users). 4. Review your procedures for handling sensitive data.
bromide_squeak: I'm looking at what secrets were autogenerated in the .yaml file
I see a few, I'm not sure what they're all for
there's a macaroon_secret_key
iokiwi: Ok thanks Richard I will follow those steps above and deal with any fallout as it comes
Richard (@richard:wiedenhoeft.xyz): Oh and I may be wrong about not nuking here. Maybe someone more familiar with Synapse code can correct me if necessary.
iokiwi: Yeah ^ please anyone if you know the best option let me know. Nuking from orbit is thankfully an option for me right now
Richard (@richard:wiedenhoeft.xyz): iokiwi: Oh and I forgot to mention. Your server should of course be stopped until you finish cleaning up.
Aaron: No it shouldn’t be necessary, especially if you want to use that domain name again it’s best to avoid nuking from orbit.
Richard’s steps are the same that I would take
iokiwi: Ok thanks for the confirmation Aaron. I'll let you guys know if I have more questions :) Greatly appreciated
Secret keys have been rotated :ok_hand: :closed_lock_with_key:
Secret keys are exposed - need to try and rotate keys. https://github.com/nzpug/chat/blob/master/provisioning/templates/synapse/homeserver.yaml#L425