Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement encryption at rest #1561

Merged
merged 12 commits into from
Aug 19, 2024
Merged

Implement encryption at rest #1561

merged 12 commits into from
Aug 19, 2024

Conversation

r4victor
Copy link
Collaborator

@r4victor r4victor commented Aug 15, 2024
edited
Loading

Closes #1532

This PR:

  • Allows configuring encryption via server/config.yml.
  • Implements aes and identity encryption keys.
  • Implements encryption of BackendModel.auth and UserModel.token using configured encryption keys.
  • Updates the server/config.yml docs with mini-guide on encryption.

Implementation details:

  • Values of all encrypted columns are prefixed with enc:{key_type}:{key_name}: to be able to identify encryption scheme. There is a migration to prefix exiting values with enc:identity:noname:.
  • UserModel.token_hash is introduced to be able to search for user by token after tokens are encrypted.

@r4victor r4victor requested review from jvstme and un-def August 15, 2024 13:12
jvstme
jvstme reviewed Aug 16, 2024
View reviewed changes
docs/docs/reference/server/config.yml.md
projects: ...
```

Old keys may be deleted once all existing records were updated to re-encrypt sensitive data.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How will the admin know if all existing records are re-encrypted? Is there a way re-encrypt everything at once?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A good question. This is TBD. Currently, it's up to users to go over all resources and overwrite them (e.g. like Kubernetes that does not offer a way to re-encrypt at once). Not very convenient but failing to decrypt something should not be critical. I think we're going to introduce an API to trigger re-encryption later.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added name to aes key config. Now every encrypted value is prefixed with a key name (enc:{key_type}:{key_name}:). DB admins should be able to identify all keys currently used for encryption.

src/dstack/_internal/server/testing/common.py


def get_auth_headers(token: str) -> Dict:
def get_auth_headers(token: Union[DecryptedString, str]) -> Dict:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(nit) Looks like str can be dropped, all callers use DecryptedString

@r4victor r4victor merged commit 3b9910e into master Aug 19, 2024
16 checks passed
@r4victor r4victor deleted the issue_1532_db_encrypt branch August 19, 2024 07:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@un-def un-def un-def approved these changes

@jvstme jvstme jvstme approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Provide mechanism to encrypt sensitive data in the DB
3 participants
@r4victor @un-def @jvstme