docs: ADR-0004: authentication types and encrypted secrets #104

jhoward-lm · 2024-07-11T20:51:28Z

4. Authentication types and secrets encryption

Date: 2024-07-11

Status

Proposed

Context

Additional authentication mechanisms and secure secrets storage should be supported.

Decision

Add support for additional authentication mechanisms:

OAuth
Bearer token
Basic

Secrets provided as plain text will be encrypted with a user-provided or auto-generated key pair.

Add a config file mapping of URLs or bare hostnames to associated user credentials.

If credentials are specified by the user or encountered in the config file as plain text:
- If no private key is provided by user or already exists in the config directory,
  auto-generate a new key pair
- Encrypt secrets inline in the config file using the private key

Either leverage the SOPS tool as a library to perform the encryption/decryption,
or use its encrypted string expression form.

Example of proposed config file additions:

auths:
  github.com: ENC[AES256_GCM,data:Tr7o=,iv:1=,aad:No=,tag:k=]
  gitlab.com:
    user: ENC[AES256_GCM,data:CwE4O1s=,iv:2k=,aad:o=,tag:w==]
    password: ENC[AES256_GCM,data:p673w==,iv:YY=,aad:UQ=,tag:A=]

Consequences

These changes will increase flexibility for users by allowing fetching from and pushing to additional
remote endpoints that may have limited or strict options for authentication. They will also provide
enhanced security options for local storage and transmission of secrets.

Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>

idunbarh · 2024-07-18T03:23:42Z

Can you talk to what the user experience would be? Are you think that if a encrypted password is accessed, the user would be prompted for a decrypt key?

I see the benefits of SOPS to encrypt secrets that are stored in version control or other configuration files stored outside of a deployed environment. If the intent would be for the keypair or master key is stored on the same system as the bomctl config, I think the security benefits would be negated.

@eddiezane @ashearin what are your thoughts?

ashearin · 2024-08-05T21:17:30Z

Per working group session 8/5/24. For now leave as proposed, be reevaluated for a future release.

docs: add ADR for auth types and encrypted secrets

6b79305

Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>

jhoward-lm added the documentation Improvements or additions to documentation label Jul 11, 2024

jhoward-lm requested review from eddiezane, houdini91, ashearin, marcelamelara and idunbarh July 11, 2024 20:51

jhoward-lm self-assigned this Jul 11, 2024

jhoward-lm requested a review from a team as a code owner July 11, 2024 20:51

pkwiatkowski1 mentioned this pull request Aug 7, 2024

Fetch Subcommand - Enhancements #44

Closed

idunbarh added the adr Architecture Decision Records use to decide architecture or implementation details of `bomctl` label Aug 26, 2024

jhoward-lm requested a review from lmphil November 25, 2024 16:57

ashearin approved these changes Nov 25, 2024

View reviewed changes

Merge branch 'main' into adr/secrets-encryption

a54e60b

lmphil approved these changes Nov 25, 2024

View reviewed changes

Merge branch 'main' into adr/secrets-encryption

b1edb7d

jhoward-lm merged commit 794ff83 into main Nov 25, 2024
9 checks passed

jhoward-lm deleted the adr/secrets-encryption branch November 25, 2024 18:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

docs: ADR-0004: authentication types and encrypted secrets #104

docs: ADR-0004: authentication types and encrypted secrets #104

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

docs: ADR-0004: authentication types and encrypted secrets #104

docs: ADR-0004: authentication types and encrypted secrets #104

Uh oh!

Conversation

4. Authentication types and secrets encryption

Status

Context

Decision

Consequences

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!