Open chobostar opened 3 days ago
Thank you so much for raising this important issue! We fully agree that security is a critical aspect, and we’ll prioritize this task accordingly.
As an open-source project, we greatly appreciate contributions from the community. If you have the time and interest, please feel free to submit a PR with your proposed solution. This will help us implement the necessary changes faster and improve the project even further.
I would like to discuss the current lack of certificate authentication in etcd configuration:
https://github.com/vitabaks/autobase/blob/master/automation/roles/etcd/templates/etcd.conf.j2
In a previous discussion, it was mentioned that sensitive information is not stored in DCS, as highlighted here: https://github.com/vitabaks/autobase/issues/361#issuecomment-1572279916
Despite this position, there remains a potential risk scenario:
`archive_command` can be set in DCS. This could potentially lead to Remote Code Execution (RCE) exploits, allowing unauthorized access to sensitive data, e.g. an attacker could create a superuser without a password, modify `pg_hba.conf` to `trust`, or corrupt pgdata.

Given the potential risks outlined, I kindly request reconsideration of the current decision to leave etcd unprotected. Implementing certificate authentication can provide an additional layer of security and protect against these vulnerabilities.
Thanks for your attention; I am waiting for your feedback on possible security mitigation.
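A check for the gap this issue describes, as an added example that is not part of the issue or of the autobase code: it parses an etcd environment-style config and reports where client or peer connections are not restricted to TLS with client-certificate authentication. Both sample configs and all file paths are constructed for illustration (the plaintext one is an assumed shape, not a copy of the project's template); the `ETCD_*` names are etcd's standard environment variables.

```python
import shlex

def parse_env(text):
    """Parse KEY=value lines (etcd env-file style); skips blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        parts = shlex.split(value)  # removes surrounding quotes
        conf[key.strip()] = parts[0] if parts else ""
    return conf

def audit(text):
    """Return findings; an empty list means mutual TLS is enforced on both sides."""
    conf, findings = parse_env(text), []
    for side, prefix in (("client", "ETCD_"), ("peer", "ETCD_PEER_")):
        listen_key = "ETCD_LISTEN_%s_URLS" % side.upper()
        urls = [u for u in conf.get(listen_key, "").split(",") if u]
        # An unset listen URL falls back to etcd's plain-http default.
        if not urls or any(not u.startswith("https://") for u in urls):
            findings.append("%s: %s is not https-only" % (side, listen_key))
        if conf.get(prefix + "CLIENT_CERT_AUTH", "").lower() != "true":
            findings.append("%s: %sCLIENT_CERT_AUTH is not true" % (side, prefix))
        for suffix in ("TRUSTED_CA_FILE", "CERT_FILE", "KEY_FILE"):
            if not conf.get(prefix + suffix):
                findings.append("%s: %s%s is unset" % (side, prefix, suffix))
    return findings

# Constructed sample: etcd reachable over plain http, no certificates.
PLAINTEXT = '''
ETCD_NAME="node1"
ETCD_LISTEN_CLIENT_URLS="http://10.0.0.1:2379,http://127.0.0.1:2379"
ETCD_LISTEN_PEER_URLS="http://10.0.0.1:2380"
'''

# Constructed sample: TLS plus client-certificate auth for clients and peers.
_TLS = "/etc/etcd/tls"  # hypothetical certificate directory
HARDENED = PLAINTEXT.replace("http://", "https://") + "".join(
    'ETCD_%s="%s"\n' % (k, v) for k, v in [
        ("CLIENT_CERT_AUTH", "true"), ("TRUSTED_CA_FILE", _TLS + "/ca.crt"),
        ("CERT_FILE", _TLS + "/server.crt"), ("KEY_FILE", _TLS + "/server.key"),
        ("PEER_CLIENT_CERT_AUTH", "true"), ("PEER_TRUSTED_CA_FILE", _TLS + "/ca.crt"),
        ("PEER_CERT_FILE", _TLS + "/peer.crt"), ("PEER_KEY_FILE", _TLS + "/peer.key")])

if __name__ == "__main__":
    for name, cfg in (("plaintext", PLAINTEXT), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```

With client-certificate auth enforced, Patroni and any other DCS client also need a certificate signed by the trusted CA, so the check is only half of the rollout.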