[Django] #30360: Pluggable secret key backend
Django
-----------------------------------------+-------------------------------
Reporter: Andreas Pelme | Owner: Andreas Pelme
Type: Uncategorized | Status: assigned
Component: Core (Other) | Version: 2.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+-------------------------------
Having the possibility to use the secret key from other sources than
settings and being able to verify signatures with old secret keys would
improve security in a number of ways.
See [https://groups.google.com/forum/#!msg/django-developers/jg-
eu3HtLHI/V_rbzYKfAQAJ the discussion in django-developers] for a longer
explanation and discussion.
--
Ticket URL: <https://code.djangoproject.com/ticket/30360>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: Andreas Pelme | Owner: Andreas Pelme
Type: Uncategorized | Status: assigned
Component: Core (Other) | Version: 2.2
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Andreas Pelme):
I have started working on this and will work on it during the Djangocon
2019 sprints tomorrow.
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:1>
Django
Reporter: Andreas Pelme | Owner: Andreas Pelme
Type: Uncategorized | Status: assigned
Component: Core (Other) | Version: 2.2
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 1
Needs tests: 1 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
Changes (by Andreas Pelme):
* needs_better_patch: 0 => 1
* has_patch: 0 => 1
* needs_tests: 0 => 1
* needs_docs: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:2>
Django
-------------------------------+-----------------------------------------
Reporter: Andreas Pelme | Owner: Andreas Pelme
Type: Uncategorized | Status: assigned
Component: Core (Other) | Version: 2.2
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 1
Needs tests: 1 | Patch needs improvement: 1
Description changed by Andreas Pelme:
Old description:
> Having the possibility to use the secret key from other sources than
> settings and being able to verify signatures with old secret keys would
> improve security in a number of ways.
>
> See [https://groups.google.com/forum/#!msg/django-developers/jg-
> eu3HtLHI/V_rbzYKfAQAJ the discussion in django-developers] for a longer
> explanation and discussion.
New description:
Having the possibility to rotate the secret key would be nice.
See [https://groups.google.com/forum/#!msg/django-developers/jg-
eu3HtLHI/V_rbzYKfAQAJ the discussion in django-developers] for a longer
explanation and discussion.
--
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:3>
Django
-------------------------------+-----------------------------------------
Reporter: Andreas Pelme | Owner: Andreas Pelme
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Needs tests: 1 | Patch needs improvement: 1
Changes (by felixxm):
* type: Uncategorized => New feature
* version: 2.2 => master
* stage: Unreviewed => Accepted
Comment:
[https://github.com/django/django/pull/11198 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:4>
Django
-------------------------------+-----------------------------------------
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Needs tests: 1 | Patch needs improvement: 1
Changes (by Ryan Hiebert):
* cc: Ryan Hiebert (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:5>
Django
-------------------------------+-----------------------------------------
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Carlton Gibson):
* needs_better_patch: 1 => 0
* needs_tests: 1 => 0
* needs_docs: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:6>
Django
-------------------------------+-----------------------------------------
Type: New feature | Status: assigned
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Carlton Gibson):
* owner: Andreas Pelme => tim-schilling
Comment:
[https://github.com/django/django/pull/15198 New PR] adding
`SECRET_KEY_FALLBACKS` based on discussion/reviews of previous approaches.
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:7>
Django
-------------------------------+-----------------------------------------
Reporter: Andreas Pelme | Owner: tim-schilling
Type: New feature | Status: assigned
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 1 | Patch needs improvement: 1
Changes (by Mariusz Felisiak):
* needs_better_patch: 0 => 1
* needs_tests: 0 => 1
* needs_docs: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:8>
Django
-------------------------------+-----------------------------------------
Reporter: Andreas Pelme | Owner: tim-schilling
Type: New feature | Status: assigned
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* needs_better_patch: 1 => 0
* needs_tests: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:9>
Django
Reporter: Andreas Pelme | Owner: tim-
| schilling
Type: New feature | Status: assigned
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* needs_docs: 1 => 0
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:10>
Django
-------------------------------------+-------------------------------------
Reporter: Andreas Pelme | Owner: tim-
| schilling
Component: Core (Other) | Version: dev
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak <felisiak.mariusz@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7" 0dcd549b]:
{{{
#!CommitTicketReference repository=""
revision="0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7"
Fixed #30360 -- Added support for secret key rotation.
Thanks Florian Apolloner for the implementation idea.
Co-authored-by: Andreas Pelme <and...@pelme.se>
Co-authored-by: Carlton Gibson <carlton...@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terra...@gmail.com>
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:11>