SPIKE: RM API Key should be secure /encrypted in storage

Priority

Labels

back-endepam-spitfiresecurity

Environment

None

Template

None

Description

RM API Key is currently stored in mod-configuration and is used by both mod-kb-ebsco-java and mod-codex-ekb.

The key is stored in plain text and should be encrypted.

Discussions is slack #tech-leads around a general approach to provide secure encrypted storage in FOLIO. Also notes current technique used by edge apis for this
https://folio-project.slack.com/archives/CH12W8XCH/p1565187165007800

Investigate/implement changes for this in folio-holdingsiq-client

Deliverable

Need to propose a solution that is presented to the team to determine next steps

Timebox

8hrs - 12 hrs

Development Team

Spitfire

Release

None

Story Points

None

Sprint

None

Linked issues

relates to

MODKBEKBJ-331

SPIKE - How to store multiple HoldingsIQ/RM API credentials in mod-configuration

UXPROD-2376

Q3 2020: Spitfire Tech Debt

Checklist

hide

TestRail: Results

Activity

Show:

Khalilah Gambrell June 12, 2020 at 1:35 PM

Will wait for a global solution.

Carole Godfrey June 12, 2020 at 11:49 AM

I think situation is better with the latest changes (key is stored in mod-kb-ebsco-java module db instead of mod-configuration db) so better protected --but it is still stored in plain text.
Would be best if there were a FOLIO recommended way for storing secrets

Khalilah Gambrell June 12, 2020 at 10:57 AM

, is this story still valid?

Won't Do

Details

Assignee

Unassigned

Reporter

Carole Godfrey

Fix versions

3.5.0

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created August 7, 2019 at 3:05 PM

Updated June 12, 2020 at 1:35 PM

Resolved June 12, 2020 at 1:35 PM

Configure

TestRail: Cases

TestRail: Runs