User:Toshio/Shared-secrets

From FedoraProject

Latest revision as of 18:18, 16 November 2010

Elements

  1. central store
  2. commandline app
  3. passwords are always encrypted to the backend
  4. private key encryption
  5. audit trail

Interface

Global options

  • -u/--username: FAS username. Used for looking up GPG key IDs and expanding groups

List the available passphrases

$ shared-secrets list

root   @sysadmin-main
sigul-bridge @rel-eng
transifex-ssh-agent @sysadmin-web,@sysadmin-main

This retrieves the list of services and the people who should have access to them. Viewing this list involves no encryption.

Options

  • --date: show the date of the last passphrase modification (note: a refresh counts as a modification)
  • --expandgroups: expand groups into a list of usernames. Will ask for the FAS password

Retrieve the secret

shared-secrets decrypt root
GPG Password(or agent):
iamnotapassword

This retrieves the encrypted passphrase and decrypts it on the local machine using the user's private key.

  • Should this store in a file instead of printing to stdout?

Update the secret

shared-secrets change-secret root
FAS passphrase:
New secret:
Repeat new secret:
Shared secret for root updated successfully

  • Retrieve the list of users who have access for root
  • Retrieve the gpg public keys for the users who have access for root
  • Verify the gpg public key matches the key fingerprint in fas
  • Encrypt the passphrase for all of the users
  • Send the encrypted passphrase to the server
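The change-secret steps above, together with the decrypt step from "Retrieve the secret", as an added Go example that is not code from this page or from any shared-secrets implementation. It assumes RSA-OAEP key wrapping plus AES-256-GCM in place of GPG, the hex SHA-256 of the DER-encoded public key in place of a GPG fingerprint, and a constructed `fasFingerprints` map in place of the FAS lookup; `Bundle` stands for what would be sent to the server and `NewUserKey` for a user's key pair. What it shows is the ordering the page's steps imply: every retrieved key is checked against the fingerprint on record in FAS before anything is encrypted, so one substituted key aborts the whole update instead of producing a bundle that a wrong recipient can open.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Bundle is what change-secret would upload: the secret sealed once under a
// random data key, plus that data key wrapped for every user with access.
type Bundle struct {
	Nonce      []byte
	Ciphertext []byte
	WrappedKey map[string][]byte // username -> RSA-OAEP wrapped data key
}

// NewUserKey stands in for a user's GPG key pair (RSA here, for the demo).
func NewUserKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Fingerprint stands in for a GPG fingerprint: hex SHA-256 of the DER public key, the value FAS records.
func Fingerprint(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%x", sha256.Sum256(der)), nil
}

func newGCM(dataKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForUsers follows the change-secret steps: compare each retrieved public key
// with the fingerprint recorded in FAS (fasFingerprints is a constructed stand-in for
// that lookup), then encrypt for all users. Verification runs first so one bad key aborts.
func EncryptForUsers(secret []byte, users []string, fasFingerprints map[string]string, keys map[string]*rsa.PublicKey) (*Bundle, error) {
	for _, u := range users {
		pub, ok := keys[u]
		if !ok {
			return nil, fmt.Errorf("%s: no public key retrieved", u)
		}
		fp, err := Fingerprint(pub)
		if err != nil {
			return nil, err
		}
		if want, ok := fasFingerprints[u]; !ok || fp != want {
			return nil, fmt.Errorf("%s: public key does not match the fingerprint in FAS", u)
		}
	}
	dataKey := make([]byte, 32) // fresh AES-256 key for every change
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	b := &Bundle{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, secret, nil),
		WrappedKey: make(map[string][]byte, len(users))}
	for _, u := range users {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, keys[u], dataKey, nil)
		if err != nil {
			return nil, err
		}
		b.WrappedKey[u] = w
	}
	return b, nil
}

// Decrypt is the local half of `shared-secrets decrypt`: unwrap the data key with the user's private key, then open the ciphertext.
func Decrypt(b *Bundle, user string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := b.WrappedKey[user]
	if !ok {
		return nil, fmt.Errorf("%s has no access to this secret", user)
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, b.Nonce, b.Ciphertext, nil)
}
```

Because the secret is sealed once and only the data key is wrapped per recipient, adding a user means adding one wrapped key, which is all a refresh has to do. Anyone who already unwrapped the data key keeps it, though, so removing a user changes nothing about what they can read; that is the reason the page's warning says removal needs change-secret.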

Refresh the encryption on secrets

Warning: Not for removing people. Use this for adding people. When removing people, change the passphrases.

shared-secrets refresh [optional [list of people [and groups to refresh for]]]
FAS passphrase:

Refreshed for: root, transifex-ssh-agent
Error: Could not refresh for: sigul-bridge

  • Retrieve list of secrets
  • If we're changing for people, retrieve group information for each group listed in secrets
  • Check people and groups against secrets
  • For each secret where the people or groups have access to the secret, refresh the encryption on the group if you have access to the group.
  • Upload the new secrets to the server.
  • Report which groups succeeded and which failed.

The user then gets people who have access to the failed groups to do the refresh.
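The refresh procedure above, as an added Go example that is not code from this page or from any shared-secrets implementation. It models the central store, FAS group membership and the caller's access with plain Go maps (all constructed here) and models re-encryption as replacing a secret's recipient set, so it demonstrates the selection, access-check and reporting logic rather than the cryptography. `Store`, `Secret`, `Refresh` and `Report` are this example's own names.

```go
package main

import (
	"sort"
	"strings"
)

// Secret is one row of the central store: the groups that may read it and the
// usernames the current ciphertext was encrypted for.
type Secret struct {
	Groups     []string
	Recipients map[string]bool
}

// Store is a constructed stand-in for the server plus FAS group membership.
type Store struct {
	Secrets map[string]*Secret
	Members map[string][]string // "@group" -> usernames
}

// ExpandGroups turns a mixed list of usernames and @groups into a sorted,
// de-duplicated list of usernames (what --expandgroups shows).
func (s *Store) ExpandGroups(names []string) []string {
	set := map[string]bool{}
	for _, n := range names {
		if strings.HasPrefix(n, "@") {
			for _, u := range s.Members[n] {
				set[u] = true
			}
		} else {
			set[n] = true
		}
	}
	users := make([]string, 0, len(set))
	for u := range set {
		users = append(users, u)
	}
	sort.Strings(users)
	return users
}

// overlaps reports whether any key of a is also a key of b.
func overlaps(a, b map[string]bool) bool {
	for k := range a {
		if b[k] {
			return true
		}
	}
	return false
}

// Refresh follows the page's steps: list the secrets, keep those that any of the
// requested people or groups can access (every secret when targets is empty),
// re-encrypt each one the caller has access to for the current membership
// (modelled here as replacing the recipient set), and report the outcome.
// A secret the caller cannot decrypt cannot be re-encrypted, so it is reported
// as failed rather than silently skipped.
func (s *Store) Refresh(caller string, targets []string) (refreshed, failed []string) {
	wanted := map[string]bool{}
	for _, u := range s.ExpandGroups(targets) {
		wanted[u] = true
	}
	names := make([]string, 0, len(s.Secrets))
	for n := range s.Secrets {
		names = append(names, n)
	}
	sort.Strings(names) // deterministic order for the report
	for _, n := range names {
		sec := s.Secrets[n]
		members := map[string]bool{}
		for _, u := range s.ExpandGroups(sec.Groups) {
			members[u] = true
		}
		if len(targets) > 0 && !overlaps(members, wanted) {
			continue
		}
		if !members[caller] {
			failed = append(failed, n)
			continue
		}
		sec.Recipients = members
		refreshed = append(refreshed, n)
	}
	return refreshed, failed
}

// Report renders the outcome in the form of the page's sample session.
func Report(refreshed, failed []string) string {
	out := "Refreshed for: " + strings.Join(refreshed, ", ")
	if len(failed) > 0 {
		out += "\nError: Could not refresh for: " + strings.Join(failed, ", ")
	}
	return out
}
```

With the groups from the page's `list` output and a caller in @sysadmin-main, `Refresh` returns root and transifex-ssh-agent as refreshed and sigul-bridge as failed, which is the report shown in the sample session: the caller cannot re-encrypt a secret they cannot decrypt, so someone in @rel-eng has to run the refresh for that one. A refresh only ever re-encrypts the same secret, so, as the warning says, it is the wrong tool for removing someone.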


Create a new secret

shared-secrets create-secret fedorahosted @sysadmin-main
FAS passphrase:
New secret:
Repeat new secret:

  • Retrieve list of users for the listed groups
  • Encrypt secret for all groups
  • Create the secret on the server

This will not overwrite an existing secret

Update access to a secret

shared-secrets set-users fedorahosted @sysadmin-main @sysadmin-hosted
FAS passphrase:
GPG Password(or agent):

Changes the users who have access to this secret. Refreshes the encryption on the password.

Warning: Also change-secret if removing users. If you remove a user, also change the passphrase. Just because they can't access this data anymore doesn't mean they don't remember the old passphrase or have a copy of the old data.