Encrypt hidden template parameters specification

Change-Id: If310ea230212baab150d408528fcc40b59b75dfa Specification blueprint encrypt-hidden-parameters
2014-06-16 15:22:04 -05:00 · 2014-06-16 15:22:04 -05:00 · 298da5d8c8
parent 0d77b89875
commit 298da5d8c8
1 changed files with 97 additions and 0 deletions
--- a/specs/encrypt-hidden-parameters.rst
+++ b/specs/encrypt-hidden-parameters.rst
@ -0,0 +1,97 @@
+..
+ This work is licensed under a Creative Commons Attribution 3.0 Unported
+ License.
+
+ http://creativecommons.org/licenses/by/3.0/legalcode
+
+=============================
+ Hidden Parameters Encryption
+=============================
+
+https://blueprints.launchpad.net/heat/+spec/encrypt-hidden-parameters
+
+Encrypt template parameters that were marked as hidden before storing them in
+database.
+
+Problem description
+===================
+
+Heat template parameters can be marked as hidden, but currently these values
+are stored in database in plain text.
+
+A template author currently marks a parameter as hidden so that it will not be
+logged or displayed to the user in user interfaces.
+
+The problem itself is that these are probably sensitive pieces of data and thus
+it would provide some safety against a database attacker if they were encrypted
+in the database.
+
+Leaving sensitive customer data at rest unencrypted provides many more options
+for that data to get in the wrong hands or be taken outside the company.  It is
+quick and easy to do a MySQL dump if the DB linux system is compromised, which
+has nothing to do with Heat having a vulnerability.  Encrypting the data helps
+in case if a leak of arbitrary DB data does surface in Heat.
+
+Proposed change
+===============
+
+* Provide a configuration option to enable/disable hidden parameter encryption.
+  (Default is to disable parameter encryption)
+
+* Encrypt parameters that were marked as hidden before storing Stack data in
+  the database.
+
+* Decrypt parameters as soon as the stack data is read from database and
+  use decrypted parameters to create Stack object.
+
+* This implementation uses same key and encryption mechanism that is currently
+  being used for encrypting/decrypting user credentials, trust tokens, and
+  resource data. (Encryption key is defined in Heat configuration file)
+
+Alternatives
+------------
+
+* Instead of encrypting hidden parameters, we could encrypt all the parameters
+  as a dictionary.
+
+* Encrypt full disk where entire MySQL database is being stored or encrypt
+  files where specific tables are stored.
+
+* Another alternative is to use CryptDB:
+
+  www.cs.berkeley.edu/~istoica/classes/cs294/11/papers/sosp2011-final53.pdf
+
+* Integrate Barbican with Heat and use Barbican to store secrets.
+
+Implementation
+==============
+
+Assignee(s)
+-----------
+
+Primary assignee:
+  vijendar-komalla
+
+
+Milestones
+----------
+
+Target Milestone for completion:
+  Juno-2
+
+Work Items
+----------
+
+* Modify Stack 'store' method to encrytpt parameters before storing in database
+
+* Modify Stack 'load' method to decrypt parameters
+
+* Create a migration script to encrypt parameters that are already stored
+
+* Create a tool/script to change the encryption key and re-encrypting all the
+  parameters
+
+Dependencies
+============
+
+None