Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Datapool Encryption across realms broken #706

Open
oliwel opened this issue Jun 11, 2019 · 1 comment
Open

Datapool Encryption across realms broken #706

oliwel opened this issue Jun 11, 2019 · 1 comment
Labels
discussion feature request
Milestone
3.30

Comments

@oliwel
Copy link
Contributor

oliwel commented Jun 11, 2019

The set_data_pool_entry API call allows creation of items in other realms but always uses the encryption token of the current realm. This will not work if the realms use different tokens.

Options:

  • Global DataVault token (problems with manual password handling which is per realm)
  • Rework API methods to detect correct tokens
  • Disallow (Cross realm usage is forbidden from workflow anyway and from CLI there is usually no reason to do so)
@oliwel oliwel added this to the 3.0 milestone Jun 17, 2019
@oliwel
Copy link
Contributor Author

oliwel commented Jun 17, 2019

After discussion with other team members:

  • Create a central "system" realm and place a global datavault token there.
  • Disable cross-realm access for datapool but enable shared access to the system realm from each other realm so it is possible to share values

@oliwel oliwel removed this from the 3.0 milestone May 19, 2020
@oliwel oliwel added this to the 3.28 milestone May 14, 2023
@oliwel oliwel modified the milestones: 3.28, 3.30 Dec 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion feature request
Projects
None yet
Milestone
3.30
Development

No branches or pull requests
1 participant
@oliwel