iroha icon indicating copy to clipboard operation
iroha copied to clipboard

Published 20 hours ago verified publisher icon hyperledger

Guard against secrets leakage

Open mversic opened this issue 2 years ago • 2 comments

Make use of the secrecy crate to prevent the secrets like PrivateKey(are there any other?) from being leaked accidentally by being printed in logs or serialized. Secret wrapper also makes sure that upon dropping the field is zeroized in memory

mversic avatar Feb 21 '23 13:02 mversic

I don't think it's feasible at least before we remove the config documentation from the API (as planned by hyperledger/iroha-rfcs#8). Removing Serialize impl from the key seems to have troubles with the iroha_config_base::proxy::Documented trait. It'll be easier to add secrecy after the removal than to try to work around that now IMO.

DCNick3 avatar Oct 16 '23 21:10 DCNick3

Documented trait will be removed by:

  • https://github.com/hyperledger/iroha/pull/4127

0x009922 avatar Dec 08 '23 07:12 0x009922

@dima74 should this be closed?

nxsaken avatar May 14 '24 13:05 nxsaken