Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypt patient data at rest and in backup files. #251

Open
wants to merge 13 commits into
base: dev
Choose a base branch
from
Open

Encrypt patient data at rest and in backup files. #251

wants to merge 13 commits into from

Conversation

schuyler
Copy link
Member

@schuyler schuyler commented Feb 11, 2020
edited
Loading

This PR accomplishes a few things:

  • Adds a system-wide encryption secret in /usr/share/buendia/system.key that is created if not already present during buendia-utils postinstall.
  • Modifies buendia-mysql to use this secret to encrypt a separate set of database keys, and updates the database dependency to MariaDB > 10.1.4 to guarantee that AES-CTR encryption-at-rest is available.
  • Updates buendia-backup to use the system key to encrypt OpenMRS and Buendia configuration data on backup, and to decrypt with same on restore.
  • Also updates buendia-backup to backup and restore the system key itself to an external storage device, whenever an external device is used for backup or restore.

This PR lays the groundwork for the security reset mode as described in #250 .

The encryption-at-rest, backup, and restore functions are all tested to some extent in integration tests that work in Vagrant. I've tested this functionality manually both on a fresh Vagrant system, and as an upgrade to an existing Vagrant system.

schuyler added 13 commits February 6, 2020 14:45
@schuyler
Generate system key if not present when buendia-utils is installed.
91c2378
@schuyler
Add encrypt/decrypt_file functions to utils.sh.
e2b89bd 
Intended for use with the Buendia system key.
@schuyler
Integration test to ensure OpenMRS tables are encrypted.
32632c7
@schuyler
Change buendia-mysql dependency to mariadb-server-10.1.
021d974 
Specifically for encryption support.
@schuyler
Rename /etc/mysql/conf.d/buendia-mysql to .cnf just to confirm to Mar…
98dc9ef 
…iaDB convention.
@schuyler
Create MariaDB encryption keys in buendia-mysql postinst.
81d4197
@schuyler
Add MariaDB configuration to enable InnoDB table encryption.
9efc87f
@schuyler
Basic approach to encrypting backups.
d8d43df 
Essentially, ensure that openmrs.zip and buendia.tar.gz are encrypted
using the Buendia system key.

The patient chart ZIP is already encrypted with the OpenMRS server
password, so we're leaving that untouched for now.
@schuyler
Don't fail simultaneous backup test if database is empty.
d7bcffb
@schuyler
Add a note about the MariaDB table encryption test.
ad48920
@schuyler
buendia-backup copies system.key to external backup
60664e3
@schuyler
buendia-restore restores a system key from external storage
39cd7ca
@schuyler
buendia-restore should copy encrypted files to temporary local storage
850a9db 
before decrypting.

This will hopefully minimize the risk of running out of space on the
backup storage device, since the decryption process has to make a copy
of the output on disk.
@schuyler schuyler requested a review from zestyping February 11, 2020 00:47
@schuyler schuyler mentioned this pull request Mar 20, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zestyping zestyping Awaiting requested review from zestyping

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@schuyler @zestyping