Opened 6 months ago

Last modified 5 months ago

#34123 assigned project

Provide secrets/passwords management for Tor Browser Nightly signing

Reported by: sysrqb
Owned by: hiro
Priority: Medium
Milestone:
Component: Internal Services/Tor Sysadmin Team
Version:
Severity: Normal
Keywords: tpa-roadmap-june
Cc: gk
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


As mentioned in #34121, the Tor Browser Nightly signing machine will host an OpenPGP key and an NSSDB private key. Both of these should be password-protected. Instead of hard-coding these passphrases in a file or script on the server, having a password management system from where the passwords can be retrieved would be very nice.


Change History (5)

comment:1 Changed 6 months ago by gk

Cc: gk added

comment:2 Changed 6 months ago by anarcat

Status: changed from new to needs_information

after a discussion about this on IRC, I am not sure we can help you on this. as detailed in #29677, we currently have *many* password management mechanisms. the one that could be exposed on servers (through Puppet) would be Trocla, as you correctly identified there.

but the way that works is that Trocla holds the secret (or just the hashed version!) on the puppetmaster and deploys the secret (or just the hash!) on the nodes. so, in effect, it does not *really* solve your problem here: what you would need, I suspect, is either a hardware token, or manage those secrets on your own.

i'm not sure I understand what you expect TPA to do in this specific case. i hear, from the IRC discussion, that you are worried about that knowledge being in only one or two people's heads, but the solution for this is having clear and reliable documentation, alongside training, which seems to me to be more a social than technical problem at this stage.

that said, I am happy to share the burden of storing possible secrets with the team if you are worried about losing them. we can do that in the TPA password manager or, if we need automatic generation and management, in Trocla.

i would definitely need more information about how all this works before going forward, however, so feel free to detail where I got this wrong or how things actually work, either here or in private (nextcloud, encrypted pgp email or private git repositories all work).


comment:3 Changed 6 months ago by hiro

Keywords: tpa-roadmap-may added
Owner: changed from tpa to hiro
Status: changed from needs_information to assigned

comment:4 Changed 6 months ago by hiro

We also use a system to store passwords that is coded with gpg keys. Passwords in our system are stored in a repository where not everyone has access. You can use a similar system on a repository that we can set up for you.

comment:5 Changed 5 months ago by hiro

Keywords: tpa-roadmap-june added; tpa-roadmap-may removed