semaphore icon indicating copy to clipboard operation
semaphore copied to clipboard
verified publisher icon semaphoreui

leakage of sensitive configuration values

Open jojoob opened this issue 2 years ago • 0 comments

When semaphore is deployed as systemd service as described (here and here) the service user is able to access sensitive configuration values via the config.json. Sensitive configuration values should be injected as environment variables via EnvironmentFile by systemd. The file must not be readable by the service user.

Example

/etc/systemd/system/semaphore.service.d/secrets.conf:

[Service]
EnvironmentFile=/etc/semaphore/secret.env

-rw------- 1 root root /etc/semaphore/secret.env:

SEMAPHORE_ACCESS_KEY_ENCRYPTION="xxx"
# SEMAPHORE_DB_* ...
# currently not available: SEMAPHORE_COOKIE_HASH and SEMAPHORE_COOKIE_ENCRYPTION

In addition to the configuration parameters already defined as sensitive cookie_hash and cookie_encryption are sensitive too, aren't they? This may effect all deployment scenarios.

jojoob avatar Mar 15 '23 09:03 jojoob