Internal Storage Security
Closed, Duplicate | Public

Description

When storing information in Passphrase, it would be great for that information to have some encryption, so it's not just stored in plain text in MySQL.

Potentially, you could also have a key to decrypt and show the credential on screen.

Event Timeline

bajb raised the priority of this task from to Needs Triage.
bajb updated the task description.
bajb added projects: Passphrase, Security.
bajb added a subscriber: bajb.

Phabricator needs the ability to decrypt credentials in background processes and in a non-interactive manner. Thus any key to decrypt a credential would need to be stored at the same level as the Passphrase credential itself, defeating the point of encryption (you can't store the decryption keys as a file outside MySQL because that won't scale for HA).

I'm going to merge this into T4721, which has more discussion. @hach-que's summary is essentially correct.