Branch: refs/heads/master
Home:
https://github.com/Checkmk/checkmk
Commit: 071161f1e02bfe77d678a537aedc1781b6190c6b
https://github.com/Checkmk/checkmk/commit/071161f1e02bfe77d678a537aedc1781b…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-03-21 (Thu, 21 Mar 2024)
Changed paths:
A .werks/16617.md
M cmk/gui/type_defs.py
M cmk/gui/userdb/session.py
M cmk/gui/utils/encrypter.py
M cmk/utils/crypto/secrets.py
M tests/unit/cmk/gui/userdb/test_userdb.py
M tests/unit/cmk/gui/utils/test_encryption.py
M tests/unit/cmk/utils/crypto/test_secrets.py
Log Message:
-----------
16617 Use session specific key for ValueSpec encryption
When a user edits a configuration e.g. for a special agent with an explicit password the
complete configuration is transfered to the user.
To not reveal the password in cleartext this field is encrypted.
The key for that encryption was previously to this Werk shared amongst all users (a salt
was used though).
With this Werk every user session has now a secret dedicated to this encryption so the key
is rotated often and not shared amongst other users.
CMK-11925
Change-Id: I1ec79d9ce50845c86088196b00652b77af61a356
To unsubscribe from these emails, change your notification settings at
https://github.com/Checkmk/checkmk/settings/notifications