Secret key should be display once #506
Labels
No Label
AdminAPI
Bug
Check AWS
CI
Correctness
Critical
Documentation
Ideas
Improvement
Low priority
Newcomer
Performance
S3 Compatibility
Testing
Usability
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Deuxfleurs/garage#506
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The secret key part of the credentials pair should be displayed only at creation, and then hashed in the DB, never to be displayed to a user thereafter.
This is how AWS handles these too: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
The signature scheme of AWS requires that the servers knows the same secret as the client, this is how HMAC works. It's not a public key cryptography system. So we can't hash it in DB, that won't work.
We could show the secret only on creation, but then if it's still in db, an admin can technically see it any time by looking at the right place. So rather than pretending to be secure by hiding the fact that we have the secret, I think it's clearer for the users as it is currently.
We can still discuss whether displaying the secret key should be done only when a flag is passed on the CLI (for example), that would make sense.