Bug #7323
closed
[SSO] [API] [Workbench] Have config:check sanity check secrets
Added by Brett Smith over 8 years ago.
Updated over 3 years ago.
Description
Short secrets pass the config:check rake task, but then the server refuses to run with them. Extend config:check to do all the same sanity checks on these settings as the underlying code.
- Target version set to Arvados Future Sprints
SSO server might be the only server that actually enforces this currently. Then another question comes up: do we want to enforce a minimum secret length in other servers? Ward says yes, which makes sense for security.
Apparently this is only enforced on blob_signing_key in API server.
Not correct, but the error only happens when the server actually receives a request. Then you get:
ArgumentError (Secret should be something secure, like "ac6ae2f2d43b746ce6237029adeaeb47". The value you provided, "ng", is shorter than the minimum length of 30 characters):
app/middlewares/arvados_api_token.rb:59:in `call'
That line just calls the app, so the real check is not in our code. That said, "minimum length of 30 characters" is easy to add to our own checks.
- Status changed from New to Closed
- Target version deleted (Arvados Future Sprints)