[checkmk-commits] [Checkmk/checkmk] 071161: 16617 Use session specific key for ValueSpec encry...

Branch: refs/heads/master Home: https://github.com/Checkmk/checkmk Commit: 071161f1e02bfe77d678a537aedc1781b6190c6b https://github.com/Checkmk/checkmk/commit/071161f1e02bfe77d678a537aedc1781b… Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com> Date: 2024-03-21 (Thu, 21 Mar 2024) Changed paths: A .werks/16617.md M cmk/gui/type_defs.py M cmk/gui/userdb/session.py M cmk/gui/utils/encrypter.py M cmk/utils/crypto/secrets.py M tests/unit/cmk/gui/userdb/test_userdb.py M tests/unit/cmk/gui/utils/test_encryption.py M tests/unit/cmk/utils/crypto/test_secrets.py Log Message: ----------- 16617 Use session specific key for ValueSpec encryption When a user edits a configuration e.g. for a special agent with an explicit password the complete configuration is transfered to the user. To not reveal the password in cleartext this field is encrypted. The key for that encryption was previously to this Werk shared amongst all users (a salt was used though). With this Werk every user session has now a secret dedicated to this encryption so the key is rotated often and not shared amongst other users. CMK-11925 Change-Id: I1ec79d9ce50845c86088196b00652b77af61a356 To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications