Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support revocation of tenant keys #2211

Closed
lmsurpre opened this issue Apr 7, 2021 · 3 comments
Closed

Support revocation of tenant keys #2211

lmsurpre opened this issue Apr 7, 2021 · 3 comments
Assignees
Labels
P2 Priority 2 - Should Have security

Comments

@lmsurpre
Copy link
Member

lmsurpre commented Apr 7, 2021

Is your feature request related to a problem? Please describe.
In our db2 tenant-aware schemas, each tenant is granted one or more tenant keys to interact with their data.

We support adding new keys, which is particularly helpful if a key is lost (or was never written down during the initial provision).
https://github.com/IBM/FHIR/tree/master/fhir-persistence-schema#add-a-key-to-existing-tenant-db2-only

However, we currently have no way to actually remove the old keys.

Describe the solution you'd like
Support deletion of old keys (probably via their id).

Describe alternatives you've considered
Support only a single key at a time (replace the old key when we generate a new one)

Acceptance Criteria
1.
GIVEN a db2 schema
AND a tenant that has been onboarded and configured with a particular tenant key
WHEN the tenant key is deleted
THEN the tenant is no longer able to access the data

Additional context
robin's response to "how can you delete a key that you've lost/forgotten"?:

The simplest thing would be to delete all the rows from tenant_keys for a given tenant then add a new key. Unless you know which key you want to remove, of course. Keys can be identified by their id, salt or hash all of which are (very probably) unique.

@lmsurpre lmsurpre added the P2 Priority 2 - Should Have label Jun 7, 2021
@lmsurpre
Copy link
Member Author

lmsurpre commented Jun 7, 2021

The workaround for this one is the manually remove the key from the database table fhir_admin.tenant_keys

@lmsurpre lmsurpre added this to the Sprint 2021-08 milestone Jun 7, 2021
@prb112 prb112 self-assigned this Jun 7, 2021
prb112 added a commit that referenced this issue Jun 7, 2021
Signed-off-by: Paul Bastide <pbastide@us.ibm.com>
@prb112
Copy link
Contributor

prb112 commented Jun 7, 2021

prb112 added a commit that referenced this issue Jun 8, 2021
Support revocation of tenant keys #2211
@prb112
Copy link
Contributor

prb112 commented Jul 3, 2021

Robin verified this

@prb112 prb112 closed this as completed Jul 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
P2 Priority 2 - Should Have security
Projects
None yet
Development

No branches or pull requests

2 participants