Changeset View
Changeset View
Standalone View
Standalone View
src/docs/user/configuration/configuring_encryption.diviner
- This file was added.
| @title Configuring Encryption | |||||
| @group config | |||||
| Setup guide for configuring encryption. | |||||
| Overview | |||||
| ======== | |||||
| Phabricator supports at-rest encryption of uploaded file data stored in the | |||||
| "Files" application. | |||||
| Configuring at-rest file data encryption does not encrypt any other data or | |||||
| resources. In particular, it does not encrypt the database and does not encrypt | |||||
| Passphrase credentials. | |||||
| Attackers who compromise a Phabricator host can read the master key and decrypt | |||||
| the data. In most configurations, this does not represent a significant | |||||
| barrier above and beyond accessing the file data. Thus, configuring at-rest | |||||
| encryption is primarily useful for two types of installs: | |||||
| - If you maintain your own webserver and database hardware but want to use | |||||
| Amazon S3 or a similar cloud provider as a blind storage server, file data | |||||
| encryption can let you do so without needing to trust the cloud provider. | |||||
| - If you face a regulatory or compliance need to encrypt data at rest but do | |||||
| not need to actually secure this data, encrypting the data and placing the | |||||
| master key in plaintext next to it may satisfy compliance requirements. | |||||
| The remainder of this document discusses how to configure at-rest encryption. | |||||
| Quick Start | |||||
| =========== | |||||
| To configure encryption, you will generally follow these steps: | |||||
| - Generate a master key with `bin/files generate-key`. | |||||
| - Add the master key it to the `keyring`, but don't mark it as `default` yet. | |||||
| - Use `bin/files encode ...` to test encrypting a few files. | |||||
| - Mark the key as `default` to automatically encrypt new files. | |||||
| - Use `bin/files encode --all ...` to encrypt any existing files. | |||||
| See the following sections for detailed guidance on these steps. | |||||
| Configuring a Keyring | |||||
| ===================== | |||||
| To configure a keyring, set `keyring` with `bin/config` or by using another | |||||
| configuration source. This option should be a list of keys in this format: | |||||
| ```lang=json | |||||
| ... | |||||
| "keyring": [ | |||||
| { | |||||
| "name": "master.key", | |||||
| "type": "aes-256-cbc", | |||||
| "material.base64": "UcHUJqq8MhZRwhvDV8sJwHj7bNJoM4tWfOIi..." | |||||
| "default": true | |||||
| }, | |||||
| ... | |||||
| ] | |||||
| ... | |||||
| ``` | |||||
| Each key should have these properties: | |||||
| - `name`: //Required string.// A unique key name. | |||||
| - `type`: //Required string.// Type of the key. Only `aes-256-cbc` is | |||||
| supported. | |||||
| - `material.base64`: //Required string.// The key material. See below for | |||||
| details. | |||||
| - `default`: //Optional bool.// Optionally, mark exactly one key as the | |||||
| default key to enable encryption of newly uploaded file data. | |||||
| The key material is sensitive an an attacker who learns it can decrypt data | |||||
| from the storage engine. | |||||
| Format: Raw Data | |||||
| ================ | |||||
| The `raw` storage format is automatically selected for all newly uploaded | |||||
| file data if no key is makred as the `default` key in the keyring. This is | |||||
| the behavior of Phabricator if you haven't configured anything. | |||||
| This format stores raw data without modification. | |||||
| Format: AES256 | |||||
| ============== | |||||
| The `aes-256-cbc` storage format is automatically selected for all newly | |||||
| uploaded file data if an AES256 key is marked as the `default` key in the | |||||
| keyring. | |||||
| This format uses AES256 in CBC mode. Each block of file data is encrypted with | |||||
| a unique, randomly generated private key. That key is then encrypted with the | |||||
| master key. Among other motivations, this strategy allows the master key to be | |||||
| cycled relatively cheaply later (see "Cycling Master Keys" below). | |||||
| AES256 keys should be randomly generated and 256 bits (32 characters) in | |||||
| length, then base64 encoded when represented in `keyring`. | |||||
| You can generate a valid, properly encoded AES256 master key with this command: | |||||
| ``` | |||||
| phabricator/ $ ./bin/files generate-key --type aes-256-cbc | |||||
| ``` | |||||
| This mode is generally similar to the default server-side encryption mode | |||||
| supported by Amazon S3. | |||||
| Format: ROT13 | |||||
| ============= | |||||
| The `rot13` format is a test format that is never selected by default. You can | |||||
| select this format explicitly with `bin/files encode` to test storage and | |||||
| encryption behavior. | |||||
| This format applies ROT13 encoding to file data. | |||||
| Changing File Storage Formats | |||||
| ============================= | |||||
| To test configuration, you can explicitly change the storage format of a file. | |||||
| This will read the file data, decrypt it if necessary, write a new copy of the | |||||
| data with the desired encryption, then update the file to point at the new | |||||
| data. You can use this to make sure encryption works before turning it on by | |||||
| default. | |||||
| To change the format of an individual file, run this command: | |||||
| ``` | |||||
| phabricator/ $ ./bin/files encode --as <format> F123 [--key <key>] | |||||
| ``` | |||||
| This will change the storage format of the sepcified file. | |||||
| Verifying Storage Formats | |||||
| ========================= | |||||
| You can review the storage format of a file from the web UI, in the | |||||
| {nav Storage} tab under "Format". You can also use the "Engine" and "Handle" | |||||
| properties to identify where the underlying data is stored and verify that | |||||
| it is encrypted or encoded in the way you expect. | |||||
| See @{article:Configuring File Storage} for more information on storage | |||||
| engines. | |||||
| Cycling Master Keys | |||||
| =================== | |||||
| If you need to cycle your master key, some storage formats support key cycling. | |||||
| Cycling a file's encryption key decodes the local key for the data using the | |||||
| old master key, then re-encodes it using the new master key. This is primarily | |||||
| useful if you believe your master key may have been compromised. | |||||
| First, add a new key to the keyring and mark it as the default key. You need | |||||
| to leave the old key in place for now so existing data can be decrypted. | |||||
| To cycle an individual file, run this command: | |||||
| ``` | |||||
| phabricator/ $ ./bin/files cycle F123 | |||||
| ``` | |||||
| Verify that cycling worked properly by examining the command output and | |||||
| accessing the file to check that the data is present and decryptable. You | |||||
| can cycle additional files to gain additional confidence. | |||||
| You can cycle all files with this command: | |||||
| ``` | |||||
| phabricator/ $ ./bin/files cycle --all | |||||
| ``` | |||||
| Once all files have been cycled, remove the old master key from the keyring. | |||||
| Not all storage formats support key cycling: cycling a file only has an effect | |||||
| if the storage format is an encrypted format. For example, cycling a file that | |||||
| uses the `raw` storage format has no effect. | |||||
| Next Steps | |||||
| ========== | |||||
| Continue by: | |||||
| - understanding storage engines with @{article:Configuring File Storage}; or | |||||
| - returning to the @{article:Configuration Guide}. | |||||