From Fedora Project Wiki

Revision as of 18:18, 16 November 2010 by Toshio (talk | contribs) (Add new command)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Elements

  1. central store
  2. commandline app
  3. passwords are always encrypted to the backend
  4. private key encryption
  5. audit trail

Interface

Global options

  • -u/--username fas username. Used for looking up gpg keyids and expanding groups

List the available passphrases

$ shared-secrets list

root   @sysadmin-main
sigul-bridge @rel-eng
transifex-ssh-agent @sysadmin-web,@sysadmin-main

This retrieves the list of services and the people that should have access to them. There is no encryption involved to see this.

options

  • --date: show date of last passphrase modification (Note, includes refresh)
  • --expandgroups: Expand groups into list of usernames. Will ask for fas password

Retrieve the secret

shared-secrets decrypt root
GPG Password(or agent):
iamnotapassword

This retrieves the encrypted passphrase. Decrypts the passphrase once it is on the local machine using the user's private key.

  • Should this store in a file instead of printing to stdout?

Update the secret

shared-secrets change-secret root
FAS passphrase:
New secret:
Repeat new secret:
Shared secret for root updated successfully
  • Retrieve the list of users who have access for root
  • Retrieve the gpg public keys for the users who have access for root
  • Verify the gpg public key matches the key fingerprint in fas
  • Encrypt the passphrase for all of the users
  • Send the encrypted passphrase to the server

Refresh the encryption on secrets

Not for removing people
Use this for adding people. When removing people, change the passphrases
shared-secrets refresh [optional [list of people [and groups to refresh for]]]
FAS passphrase:

Refreshed for: root, transifex-ssh-agent
Error: Could not refresh for: sigul-bridge
  • Retrieve list of secrets
  • If we're changing for people, retrieve group information for each group listed in secrets
  • Check people and groups against secrets
  • For each secret where the people or groups have access to the secret, refresh the encryption on the group if you have access to the group.
  • Upload the new secrets to the server.
  • Report which groups succeeded and which failed.

user gets people with access on the failed groups to update


Create a new secret

shared-secrets create-secret fedorahosted @sysadmin-main
FAS passphrase:
New secret:
Repeat new secret:
  • Retrieve list of users for the listed groups
  • Encrypt secret for all groups
  • Create the secret on the server

This will not overwrite an existing secret

Update access to a secret

shared-secrets set-users fedorahosted @sysadmin-main @sysadmin-hosted
FAS passphrase:
GPG Password(or agent):

Changes the users who have access to this secret. Refreshes the encryption on the password.

Also change-secret if removing users
If you remove a user, also change the passphrase. Just because they can't access this data anymore doesn't mean they don't remember the old passphrase or have a copy of the old data.