| <?xml version='1.0' encoding='utf-8' ?> |
| <!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ |
| <!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> |
| %BOOK_ENTITIES; |
| ]> |
| <!-- Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| http://www.apache.org/licenses/LICENSE-2.0 |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <section id="about-password-encryption"> |
| <title>About Password and Key Encryption</title> |
| <para>&PRODUCT; stores several sensitive passwords and secret keys that are used to provide |
| security. These values are always automatically encrypted:</para> |
| <itemizedlist> |
| <listitem> |
| <para>Database secret key</para> |
| </listitem> |
| <listitem> |
| <para>Database password</para> |
| </listitem> |
| <listitem> |
| <para>SSH keys</para> |
| </listitem> |
| <listitem> |
| <para>Compute node root password</para> |
| </listitem> |
| <listitem> |
| <para> VPN password</para> |
| </listitem> |
| <listitem> |
| <para>User API secret key</para> |
| </listitem> |
| <listitem> |
| <para>VNC password</para> |
| </listitem> |
| </itemizedlist> |
| <para>&PRODUCT; uses the Java Simplified Encryption (JASYPT) library. The data values are |
| encrypted and decrypted using a database secret key, which is stored in one of &PRODUCT;’s |
| internal properties files along with the database password. The other encrypted values listed |
| above, such as SSH keys, are in the &PRODUCT; internal database.</para> |
| <para>Of course, the database secret key itself can not be stored in the open – it must be |
| encrypted. How then does &PRODUCT; read it? A second secret key must be provided from an |
| external source during Management Server startup. This key can be provided in one of two ways: |
| loaded from a file or provided by the &PRODUCT; administrator. The &PRODUCT; database has a |
| configuration setting that lets it know which of these methods will be used. If the encryption |
| type is set to "file," the key must be in a file in a known location. If the encryption type is |
| set to "web," the administrator runs the utility |
| com.cloud.utils.crypt.EncryptionSecretKeySender, which relays the key to the Management Server |
| over a known port.</para> |
| <para>The encryption type, database secret key, and Management Server secret key are set during |
| &PRODUCT; installation. They are all parameters to the &PRODUCT; database setup script |
| (cloudstack-setup-databases). The default values are file, password, and password. It is, of course, |
| highly recommended that you change these to more secure keys.</para> |
| </section> |