[Security][Feature Request] Set "Security.encryption_key" via ENV #106

Closed
Daniel-CS-Team opened this issue Aug 8, 2024 · 5 comments · Fixed by #108

@Daniel-CS-Team

Out of the box, misp-docker shows this warning in diagnostics:

Sensitive information like keys to remote server are stored in database unencrypted. Set Security.encryption_key to encrypt these values.

As this is a commandline-only setting, it would be nice to have it set during initial setup. Preferably provided via an ENV variable.
I agree that this is not a real issue if you use a dedicated database container not exposed to the outside world. But in our setup, we use an AWS AURORA cluster shared with some other services. So this is a nice security in depth control.

I solved this by utilizing the customize_misp.sh and an additional ENV variable. But I think it would be nice to add this functionality to the standard init-scripts. The relevant line is:

sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.encryption_key" "${MISP_ENCRYPTION_KEY:=changeEncryptionKey0r1amUseless9}"

@ostefano
Collaborator

ostefano commented Aug 8, 2024

Looks reasonable.

@UFOSmuggler is this something you can add next time you work on misp-docker?

@ostefano ostefano added enhancement New feature or request good first issue Good for newcomers labels Aug 8, 2024
@Diogo-Rego
Contributor

@ostefano adding it to core/files/etc/misp-docker/initialisation.defaults.json works

(...)
  "Security.encryption_key": {
    "default_value": "kjldsbnsjkhnamjfgvfn",
    "command_args": "-f"
  },
(...)

@ostefano
Collaborator

You might want to move that setting to the envvars file, and test it when the value is empty (gracefully handling when the user does not set it). Then we can merge.
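
One way to handle the empty-value case raised above, shown as an added example that is not code from misp-docker or from PR #108: the key is applied only when the operator supplied one, and the placeholder string posted in this issue is refused, because a fallback key that is public gives no protection to the encrypted values. The function names, the `RUN_AS` and `CAKE` overrides, and the 32-character minimum (`MIN_KEY_LEN`) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not misp-docker code. Function names, RUN_AS, CAKE and
# MIN_KEY_LEN are assumptions made for this sketch.

RUN_AS="${RUN_AS:-sudo -u www-data}"            # as in the issue's command
CAKE="${CAKE:-/var/www/MISP/app/Console/cake}"  # path from the issue
MIN_KEY_LEN="${MIN_KEY_LEN:-32}"                # assumed minimum key length

# Placeholder value posted publicly in the issue; never accept it as a key.
KNOWN_PLACEHOLDER="changeEncryptionKey0r1amUseless9"

# Returns 0 = usable, 1 = unset or empty, 2 = too short, 3 = public placeholder.
check_encryption_key() {
    cek_key="$1"
    [ -n "$cek_key" ] || return 1
    [ "${#cek_key}" -ge "$MIN_KEY_LEN" ] || return 2
    [ "$cek_key" != "$KNOWN_PLACEHOLDER" ] || return 3
    return 0
}

# Prints one status word; calls cake only for a usable key.
# An unset key is not an error: the setting is simply left untouched.
apply_encryption_key() {
    aek_rc=0
    check_encryption_key "${MISP_ENCRYPTION_KEY:-}" || aek_rc=$?
    case "$aek_rc" in
        1) echo "skipped"; return 0 ;;
        2|3) echo "rejected"; return 1 ;;
    esac
    # RUN_AS is intentionally unquoted so "sudo -u www-data" splits into words.
    # The key is passed as an argument, so it is visible in the process list
    # while the command runs.
    $RUN_AS "$CAKE" Admin setSetting -q "Security.encryption_key" \
        "$MISP_ENCRYPTION_KEY" || return 1
    echo "applied"
}
```

Calling `apply_encryption_key` from a script such as the `customize_misp.sh` mentioned in the issue leaves the setting unset when `MISP_ENCRYPTION_KEY` is absent and fails the step when the value is too short or is the public placeholder.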

@ostefano ostefano linked a pull request Aug 12, 2024 that will close this issue
@ostefano
Collaborator

ostefano commented Aug 12, 2024

See attached PR. @Diogo-Rego can I assign you as reviewer to both?

@Diogo-Rego
Contributor

@ostefano yes
