Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make encryptedSavedObjects plugin dependency optional and stop relying on usingEphemeralEncryptionKey #81620

Closed
azasypkin opened this issue Oct 26, 2020 · 4 comments
Closed

Make encryptedSavedObjects plugin dependency optional and stop relying on usingEphemeralEncryptionKey #81620

azasypkin opened this issue Oct 26, 2020 · 4 comments
Labels
blocker Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.12.0

Comments

@azasypkin
Copy link
Member

azasypkin commented Oct 26, 2020
edited
Loading

As we agreed in #79943 (comment) SecuritySolution plugin should make encryptedSavedObjects plugin dependency optional (if not done yet) and stop relying on usingEphemeralEncryptionKey setup contract property.

If encryptedSavedObjects dependency is available that would mean that the proper encryption key is set, otherwise dependency won't be available.

NOTE: we can update encryptedSavedObjects plugin behavior only once all consumers stop using usingEphemeralEncryptionKey, we are targeting 7.12 and hence marking all related issues as blocking for that release.
@azasypkin azasypkin added blocker v7.11.0 Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Oct 26, 2020
@azasypkin azasypkin mentioned this issue Oct 26, 2020
Closed
@nreese
Copy link
Contributor

nreese commented Oct 27, 2020

Closing, duplicate of #81619

@nreese nreese closed this as completed Oct 27, 2020
@azasypkin azasypkin reopened this Oct 28, 2020
@azasypkin azasypkin added v7.12.0 and removed v7.11.0 labels Oct 29, 2020
@azasypkin azasypkin added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. and removed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Dec 31, 2020
@azasypkin
Copy link
Member Author

Hey @elastic/siem ,

Can you please confirm that you're still targeting 7.12 for this work? Once you merge your part we'll remove usingEphemeralEncryptionKey from the EncryptedSavedObjects plugin contract in #81511.

Thanks!

@dhurley14
Copy link
Contributor

From what I see the only spot we are checking usingEphemeralEncryptionKey is to make sure the user has set encryption keys, ala the customer is not relying on ephemeral encryption keys (https://github.com/elastic/kibana/blob/master/x-pack/plugins/security_solution/server/lib/detection_engine/routes/privileges/read_privileges_route.ts#L38) . Anyone seeing anywhere else please feel free to update here.

@azasypkin
Copy link
Member Author

Fixed in #81511

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blocker Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.12.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nreese @dhurley14 @azasypkin