Feature #47765: mgr/dashboard: security improvements
mgr/dashboard: sensitive information stored in cleartext
The application stores sensitive information (i.e. usernames, passwords and access tokens) in cleartext inside
a RocksDB database. An attacker with read access to the database files could compromise the application
and other systems.
The testing team identified a RocksDB instance in use by the Ceph Monitor daemon that contains sensitive
data, such as S3 access and secret keys, usernames and passwords.
It was possible to easily obtain the data either by searching for ASCII strings in the database files or by
using the RocksDB command-line tool to dump the database.
Either encrypt whole RocksDB or perform application-level encryption.
Caveat: Application-level encryption still requires an encryption key to be saved somewhere, which simply shifts the problem to where to securely store this key:
- Key-Value Store... un-encrypted. Same as original issue.
- Hardware Security Module (HSM), like a FIPS-140
- Remote key server (e.g.: Vault)
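
A regression check for this finding, as an added example that is not part of the original ticket or of Ceph's code: store known canary values through the dashboard, then scan the monitor's store directory for those values in cleartext. The function names, the canary string and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

def scan_file(path, needles, chunk=1 << 20):
    """Return sorted (offset, label) hits; reads in chunks, never whole files."""
    overlap = max(len(n) for n in needles.values()) - 1
    hits, tail, base = set(), b"", 0  # base = file offset of tail[0]
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            buf = tail + block
            for label, needle in needles.items():
                pos = buf.find(needle)
                while pos != -1:
                    hits.add((base + pos, label))
                    pos = buf.find(needle, pos + 1)
            # Carry the last bytes over so a value split across reads is seen.
            keep = min(overlap, len(buf))
            tail = buf[len(buf) - keep:]
            base += len(buf) - keep
    return sorted(hits)

def scan_tree(root, canaries):
    """Map each file under root to the canary values it holds in cleartext."""
    needles = {label: value.encode("utf-8") for label, value in canaries.items()}
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hits = scan_file(path, needles)
            if hits:
                report[path] = hits
    return report

def demo():
    # Constructed sample files, not real RocksDB output.
    canaries = {"s3_secret": "CANARY-s3-secret-0001"}
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "000001.sst"), "wb") as fh:
            fh.write(b"\x00" * 10 + b"CANARY-s3-secret-0001" + b"\xff" * 5)
        with open(os.path.join(root, "000002.sst"), "wb") as fh:
            fh.write(bytes(range(64)))
        found = scan_tree(root, canaries)
        return {os.path.basename(p): h for p, h in found.items()}

if __name__ == "__main__":
    print(demo())
```

A hit proves the value is stored in cleartext; an empty report does not prove encryption, because RocksDB block compression can hide a value from a raw byte search, so also check the tool's dump output.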