SecHub data encryption #3250 #3254

Draft
wants to merge 5 commits into
base: develop

Conversation

@de-jcup changed the title from "Added initial concept of data encryption #3250" to "SecHub data encryption #3250" on Jul 2, 2024
@de-jcup self-assigned this on Jul 2, 2024
- moved own encryption implementations into own gradle sub module
  "sechub-encryption"
- CryptoAccess class is kept in commons-core because
  there are no dependencies to bouncy castle or other
  libraries
- updated bouncy castle dependencies to 1.78.1
@de-jcup force-pushed the feature-3250-encrypt-sechub-database-content branch 2 times, most recently from ebbd23a to 06c611a, on July 8, 2024 08:02
- refactoring
- usage tests introduced
- renamed library to sechub-commons-encryption
@de-jcup force-pushed the feature-3250-encrypt-sechub-database-content branch 3 times, most recently from 0cc1637 to 6a4b7dd, on July 12, 2024 21:31
- introduce schedule encryption service and other classes
  used at startup time and for encryption
- restrict access and storage, avoid using configuration when not
  absolutely necessary
- created dedicated job message which contains unencrypted configuration
  at runtime. Only one message uses this one -> clear not accidentally
  used on another code location
- created migration scripts, separated pool id generation for h2 and
  postgres because of binary type. Also postgres will migrate old
  data automatically to NoneCipher variant (means no real encryption,
  but admin will be able to rotate keys...)
- because of separation I moved the common sql scripts to dedicated
  folder (to avoid subfolder problems in flyway execution)
- enhanced unit tests + changed to junit5

- updated encryption concept documentation
- marked old unencrypted parts as deprecated
- job info for user uses decryption to provide meta data for
  users
- admin job info no longer contains config
- scan logs no longer contain config
- fixed gradle sub module naming problem
@de-jcup force-pushed the feature-3250-encrypt-sechub-database-content branch from 6a4b7dd to 5948961 on July 12, 2024 22:03