Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-370

Update ETCD datastore encryption to use AES-GCM instead of AES-CBC

    XMLWordPrintable

Details

    • False
    • Hide

      None

      Show
      None
    • False
    • OCPSTRAT-28Secure the Platform
    • 100
    • 100% 100%
    • 0
    • 0

    Description

      1. Proposed title of this feature request:

      Update ETCD datastore encryption to use AES-GCM instead of AES-CBC

      2. What is the nature and description of the request?

      The current ETCD datastore encryption solution uses the aes-cbc cipher. This cipher is now considered "weak" and is susceptible to padding oracle attack.  Upstream recommends using the AES-GCM cipher. AES-GCM will require automation to rotate secrets for every 200k writes.

      The cipher used is hard coded. 

      3. Why is this needed? (List the business requirements here).

      Security conscious customers will not accept the presence and use of weak ciphers in an OpenShift cluster. Continuing to use the AES-CBC cipher will create friction in sales and, for existing customers, may result in OpenShift being blocked from being deployed in production. 

      4. List any affected packages or components.

      Attachments

        Issue Links

          clones

          Feature Request - Feature requests from customers and/or users RFE-3095 Looking for ETCD sensitive data encryption to be able to use AES-GCM in place or in addition to AESBC.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Accepted
          depends on

          Task - Represents a small unit of work that is not end-user facing. API-1543 Pre-merge Testing

          • Undefined - Priority not specified.
          • Closed
          incorporates

          Feature Request - Feature requests from customers and/or users RFE-1790 Provide a recovery path if the etcd singers are deleted accidentally

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Rejected

          Activity

            People

              wcabanba@redhat.com William Caban
              knewcome@redhat.com Kirsten Newcomer
              David Eads, Michal Fojtik
              Jianwei Hou Jianwei Hou
              Stephanie Stout Stephanie Stout
              David Eads David Eads
              Eric Rich Eric Rich
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: