Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-43348

Define a configuration file expansion mechanism compatible with Ops Manager credentialstool

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Investigating
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: Backlog
    • Fix Version/s: None
    • Component/s: Admin, Security
    • Labels:
      None
    • Sprint:
      Security 2019-12-16
    • Case:

      Description

      We currently allow users to define commands which acquire sensitive configuration material, like passwords. However, not all environments have available secrets management solutions.

      Ops Manager has provided something called credentialstool which manages a local file containing an encryption key, which is used to decrypt configuration entries.

      A similar mechanism, or especially a compatible mechanism, would be convenient for these environments. This would allow system administrators to define keys and restrict access to them with filesystem permissions. Casual viewers of the MongoDB configuration file would be able to perform diagnostics, but wouldn't have the ability to learn protected values.

        Attachments

          Activity

            People

            Assignee:
            backlog-server-security Backlog - Security Team
            Reporter:
            spencer.jackson Spencer Jackson
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Dates

              Created:
              Updated: