pythonnz / chat

NZPUG's chat server: https://chat.python.nz

Rotate secret keys #16

Closed iokiwi closed 4 years ago

iokiwi commented 4 years ago

Secret keys are exposed - need to try and rotate keys. https://github.com/nzpug/chat/blob/master/provisioning/templates/synapse/homeserver.yaml#L425

iokiwi commented 4 years ago

iokiwi: So someone checked out homeserver.yaml into github and all the secret keys were exposed. How do I go about rotating them and what are the implications?

Richard (@richard:wiedenhoeft.xyz): iokiwi: That's bad. First of all follow https://help.github.com/en/github/authenticating-to-github/removing-sensitive-data-from-a-repository to limit the damage. I don't know about the implications for your homeserver. Someone else should elaborate.

Of course you should change the secrets. I suggest doing that now and worrying about breakage of bridge, bots, etc. later.

Are your signing keys still uncompromised?

iokiwi: Richard, I think so, I will check. The homeserver is in its infancy so there are very few users, messages and data there. It will be fine to blow away the database and start again if necessary

Yeah signing keys are all good

Not checked in to github

Richard (@richard:wiedenhoeft.xyz): iokiwi: If users on your server are already in federated channels, starting from scratch may lead to problems

bromide_squeak: Richard: what exactly are the secrets to worry about?

Richard (@richard:wiedenhoeft.xyz): bromide_squeak: All of them. That's why they're secret.

iokiwi: that's a pain. I know at least my user is in federated channels to test that federation was working

Richard (@richard:wiedenhoeft.xyz): Leaving the channel may help. But nuking your homeserver is kind of the ultima ratio. I wouldn't start with that. Your priorities are: 1. Change the secret. 2. Clean the github repo. 3. Assess whether someone used the secrets (e.g. check database dumps for new and unknown users). 4. Review your procedures for handling sensitive data.

bromide_squeak: I'm looking at what secrets were autogenerated in the .yaml file

I see a few, I'm not sure what they're all for

there's a macaroon_secret_key

iokiwi: Ok thanks Richard I will follow those steps above and deal with any fallout as it comes

Richard (@richard:wiedenhoeft.xyz): Oh and I may be wrong about not nuking here. Maybe someone more familiar with Synapse code can correct me if necessary.

iokiwi: Yeah ^ please anyone if you know the best option let me know. Nuking from orbit is thankfully an option for me right now

Richard (@richard:wiedenhoeft.xyz): iokiwi: Oh and I forgot to mention. Your server should of course be stopped until you finish cleaning up.

Aaron: No it shouldn’t be necessary, especially if you want to use that domain name again it’s best to avoid nuking from orbit.

Richard’s steps are the same that I would take

iokiwi: Ok thanks for the confirmation Aaron. I'll let you guys know if I have more questions :) Greatly appreciated

iokiwi commented 4 years ago

Secret keys have been rotated :ok_hand: :closed_lock_with_key:
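An added example, not part of the original thread or the project's own code, of the first priority listed above ("Change the secret"): it regenerates the secret-bearing options of a `homeserver.yaml` and then checks that none of the leaked values survive. Only `macaroon_secret_key` is named in the thread; the other option names are standard Synapse settings assumed to be present, and the sample file and its values are constructed.

```python
import re
import secrets

# Synapse homeserver.yaml options that hold shared secrets. Only
# macaroon_secret_key is named in the thread; the others are standard
# Synapse options, listed as an assumption about what the file held.
SECRET_KEYS = ("macaroon_secret_key", "registration_shared_secret",
               "form_secret", "turn_shared_secret")

# Matches an uncommented, top-level "key: value" line.
_LINE = re.compile(r'^(?P<key>[A-Za-z_]+):[ \t]*(?P<val>\S.*?)[ \t]*$')

def rotate_secrets(yaml_text, new_secret=lambda: secrets.token_urlsafe(48)):
    """Return (new_text, rotated_keys). Commented-out defaults and every
    other option (including signing_key_path) are left exactly as found."""
    out, rotated = [], []
    for line in yaml_text.splitlines():
        m = _LINE.match(line)
        if m and m.group("key") in SECRET_KEYS:
            out.append(f'{m.group("key")}: "{new_secret()}"')
            rotated.append(m.group("key"))
        else:
            out.append(line)
    return "\n".join(out) + "\n", rotated

def still_exposed(new_text, leaked_values):
    """Leaked values that are still present after rotation (should be empty)."""
    return [v for v in leaked_values if v in new_text]

# Constructed sample, not the repository's real file or real secrets.
SAMPLE = '''server_name: "chat.example.org"
#registration_shared_secret: "commented-default"
registration_shared_secret: "LEAKED-reg"
macaroon_secret_key: "LEAKED-mac"
form_secret: "LEAKED-form"
signing_key_path: "/data/signing.key"
'''

if __name__ == "__main__":
    text, keys = rotate_secrets(SAMPLE)
    print("rotated:", keys)
    print("still exposed:",
          still_exposed(text, ["LEAKED-reg", "LEAKED-mac", "LEAKED-form"]))
```

The rotated file belongs outside version control (or rendered from a secrets store at deploy time), otherwise the next commit repeats the exposure.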