Modify contract to capture sensitive flag for partition specific secrets config (#4) · Issues · Open Subsurface Data Universe Software / Platform / System / Partition

Modify contract to capture sensitive flag for partition specific secrets config

Problem: Partition secret configurations available via partition service can pose following security issue:

All Secrets are exposed by default to any service regardless if they need them or not.
Secrets are held in memory cache both at the partition service and the service client library.
Potential for logging secret values to the central logger are increased due to secrets being sent in Microservice HTTP Response Objects. a. Trace Logs are often used to dump http request and response objects between services for debugging purposes.

Solution: Provide a mechanism to distinguish secret and non-secret partition configuration and delegate responsibility of consuming secret using cloud native libraries at service level.

Current

public class PartitionInfo {

    @Builder.Default
    Map<String, Object> properties = new HashMap<>();
}

e.g.

{
    "properties": {
        "complianceRuleSet": "shared",
        "storageAccountKey": "test-storage-**secret**"
    }
}

Proposed

public class PartitionInfo {

    @Builder.Default
    Map<String, Property> properties = new HashMap<>();
}

public class Property {
    @Builder.Default
    private boolean sensitive = false;
    private Object value;
}

e.g.

{
    "properties": {
        "complianceRuleSet": {
            "sensitive": false,
            "value": "shared"
        },
        "storageAccountKey": {
            "sensitive": true,
            "value": "test-storage-**key**"
        }
    }
}

Edited Sep 28, 2020 by neelesh thakur