[PSWDMNGR-49] Password manager maintenance Created: 05/Sep/22  Updated: 31/Oct/23

Status: Open
Project: Password Manager
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Epic Priority: Neutral
Reporter: Matt Rajkovic Assignee: Unassigned
Resolution: Unresolved Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Epic Name: Password manager maintenance
Acceptance criteria:
Empty
Date of First Response:
Team: AdminX

 Comments   
Comment by Ezzeddine Thebti [ 16/Jun/23 ]

Hi Magnolia,

We wanted to use the password manager to store the passwords/keys/secrets that are added in the instance configuration. But, I just noticed a problem (known issue that has not been resolved) on the Magnolia Keystore. A bug in the Password Manager which risks making us lose the passwords/secrets/keys if we find ourselves in a situation of having to regenerate the key pair of Mangnolia.
https://docs.magnolia-cms.com/product-docs/6.2/Administration/Security/Activation-security/Activation-keys.html#_regenerating_the_key_pair
https://docs.magnolia-cms.com/product-docs/6.2/Administration/Security/Activation-security/Activation-keys.html#_re_establishing_the_passwords_in_the_passwords_app

We cannot tolerate such a mechanism to maintain passwords/keys/secrets in the KeyStore. Please fix the keystore rotation automation to have it more transparent without manual intervention.

Otherwise, we will just do a simple encryption of the passwords/keys/secrets and leave them in the configuration.

Regards,

Ezzeddine

Generated at Mon Feb 12 10:26:23 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.