[tor-bugs] #30009 [Internal Services/Tor Sysadmin Team]: consider trocla for secrets management in puppet
#30009: consider trocla for secrets management in puppet
-----------------------------------------------------+-----------------
Reporter: anarcat | Owner: tpa
Type: project | Status: new
Priority: Low | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Major | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------------------------------+-----------------
Secrets generated by Puppet currently use a custom HKDF function that is
homegrown. The ad-hoc standard for this in the Puppet community I'm
usually working with is [https://github.com/duritong/trocla trocla] which
is [https://github.com/duritong/puppet-trocla well integrated with
puppet].
Trocla generates, on the fly, a strong random password for each key you
ask it. It also supports various hashing mechanisms (bcrypt, pgsql, x509,
etc) so that the Puppet client never actually sees the cleartext. It seems
like a better approach than sending the cleartext like we currently do.
So I'd like to start using this for new code and possibly convert existing
code to this, if that's acceptable.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30009>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
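Added example, not from the ticket and not trocla's own code: a minimal Ruby model of the behaviour described above (a strong random secret is generated the first time a key is requested, persisted so later Puppet runs get the same value, and served in a hashed format so a client that only asks for the hashed form never receives the cleartext). The class name MiniTrocla, the YAML store file, and the 'pbkdf2' format are my own choices; trocla itself offers formats such as bcrypt, pgsql and x509, and the puppet-trocla module exposes this as a trocla() manifest function.

```ruby
require 'securerandom'
require 'openssl'
require 'yaml'
require 'tmpdir'

# MiniTrocla: generate-once, serve-many secret store in the style of trocla
# (hypothetical teaching class, not the real library).
class MiniTrocla
  DEFAULT_LENGTH = 24
  PBKDF2_ITERATIONS = 100_000
  CHARSET = [*'a'..'z', *'A'..'Z', *'0'..'9'].freeze

  def initialize(store_path)
    @store_path = store_path
    @store = File.exist?(store_path) ? (YAML.safe_load(File.read(store_path)) || {}) : {}
  end

  # Return the secret for +key+ in +format+, generating it on first use.
  # 'plain' hands out the cleartext; 'pbkdf2' hands out only a salted hash,
  # which is all a service that verifies logins needs to store.
  def password(key, format = 'plain', length: DEFAULT_LENGTH)
    plain = (@store[key] ||= self.class.generate(length))
    save!
    case format
    when 'plain'  then plain
    when 'pbkdf2' then self.class.pbkdf2(plain)
    else raise ArgumentError, "unknown format #{format.inspect}"
    end
  end

  # Unbiased random string from CHARSET using the CSPRNG.
  def self.generate(length)
    Array.new(length) { CHARSET[SecureRandom.random_number(CHARSET.size)] }.join
  end

  # Salted PBKDF2-HMAC-SHA256, serialised as $pbkdf2-sha256$iter$salt$b64mac.
  def self.pbkdf2(plain, salt = SecureRandom.hex(8))
    mac = OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, PBKDF2_ITERATIONS, 32,
                                     OpenSSL::Digest.new('sha256'))
    "$pbkdf2-sha256$#{PBKDF2_ITERATIONS}$#{salt}$#{[mac].pack('m0')}"
  end

  # Check a cleartext against a hash produced by .pbkdf2 in constant time.
  def self.verify(plain, hashed)
    _, scheme, iter, salt, expected = hashed.split('$')
    return false unless scheme == 'pbkdf2-sha256' && iter && salt && expected
    mac = OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, iter.to_i, 32,
                                     OpenSSL::Digest.new('sha256'))
    constant_time_eq([mac].pack('m0'), expected)
  end

  def self.constant_time_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  private

  # The store holds cleartext, so it is written mode 0600 on the puppet master.
  def save!
    File.open(@store_path, 'w', 0o600) { |f| f.write(YAML.dump(@store)) }
  end
end

if $PROGRAM_NAME == __FILE__
  path = File.join(Dir.mktmpdir, 'trocla.yaml')   # constructed temp store
  t = MiniTrocla.new(path)
  puts t.password('mysql_root')            # cleartext, same on every call
  puts t.password('mysql_root', 'pbkdf2')  # hash only; cleartext stays in the store
end
```

The point to take from the model: the Puppet client only ever sees whatever format the manifest asks for, so a manifest that requests the hashed form for a service's user database never transports the cleartext, while the same key requested as 'plain' by the one consumer that genuinely needs it returns the identical secret because it is persisted on first generation.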