Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
User Accounts and Custom User Settings Deployment #14208
User Accounts and Custom User Settings Deployment #14208
Changes from 10 commits
ca45294
0f80b89
2e38e17
69a2eb3
40a490f
0625ffc
e5476a6
6c7a4f8
153473c
9044980
d2a650c
f41f59b
08272f0
f390d4f
b852da8
2a9b759
1cd46e6
1aaabdf
1fc8b05
f7a9538
94050b0
bf4b21c
173c933
55e81e4
60fa9d4
fddb800
fc58742
b51dc2c
480e01d
28ac1df
b37e14e
89d3589
f126fa9
5cd5a0c
b1ac1e1
2cef4ed
ed777b7
090d2d9
683d429
5fea5d8
5bd124f
bf483bc
9cd2372
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just for info I'm working on #7891 to be able to securely exchange secrets as passwords, credentials for email, RSA keys in place of X509 certificates for OpenId and so on.
Not sure that it could be applied to user passwords, I would need to re-focus on #7891 (didn't work on it the last 2 weeks). Hmm, if it can be applied maybe in a separate PR if we agree to merge this one in the meantime.
Hmm, to deploy secrets we share a symetric key which is itself encrypted by an assymetric key (in fact one to encrypt data and onother one for signing), so maybe we could use the same technic to exchange users without having to encrypt their passwords differently.
This would mean that it is not incompatible with this PR and could be done afterwards, or maybe not, we could think that we first need #7891 and that this PR would need to use it, meaning that deploying users would need 2 RSA secrets to be defined, one for encryption and one for signing, as will be done to deploy secrets.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does that mean we need to postpone merging this PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not necessarily ;)
I'm not against merging this PR first, was just for info, I let others decide.