[PSWDMNGR-27] Migrate or drop password manager app Created: 28/Mar/22  Updated: 22/Jun/23

Status: Open
Project: Password Manager
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Ervin Vystup Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:
Epic Link: Remove old (vaadin7 compatibility) framework module
Team: AdminX

 Description   

The goal is to get rid of the dependency on the M5 UI (so that a complete removal of the app can be considered).



 Comments   
Comment by Roman Kovařík [ 23/May/22 ]

mgeljic did some investigation (aws-foundation? depends on password manager). Do we have some ticket?

Comment by Ezzeddine Thebti [ 16/Jun/23 ]

Hi Magnolia,

We wanted to use the password manager to store the passwords/keys/secrets that are added in the instance configuration. But I just noticed a problem (a known issue that has not been resolved) with the Magnolia Keystore: a bug in the Password Manager that risks making us lose the passwords/secrets/keys if we find ourselves in a situation of having to regenerate the key pair of Magnolia.
https://docs.magnolia-cms.com/product-docs/6.2/Administration/Security/Activation-security/Activation-keys.html#_regenerating_the_key_pair
https://docs.magnolia-cms.com/product-docs/6.2/Administration/Security/Activation-security/Activation-keys.html#_re_establishing_the_passwords_in_the_passwords_app

We cannot tolerate such a mechanism to maintain passwords/keys/secrets in the KeyStore. Please fix the keystore rotation automation to make it more transparent, without manual intervention.

Otherwise, we will just do a simple encryption of the passwords/keys/secrets and leave them in the configuration.

Regards,

Ezzeddine

Comment by Evzen Fochr [ 22/Jun/23 ]

Hey ethebti,
thank you for the question. The Password Manager module uses the public activation key to hash plain text passwords. If you change the public key, passwords managed by the Password Manager become unusable and you must re-enter them (see "Re-establishing the passwords in the Passwords app"). That's how it was designed.
We have module migration and improvement on the roadmap, but not in the near future.
I suggest using https://docs.magnolia-cms.com/product-docs/6.2/Administration/Architecture/Configuration-management.html#_environment_variables for now.

Thanks,
Evžen

Generated at Mon Feb 12 10:26:10 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.