Expand the Scope of Pluggable Secret Keys Ticket

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Expand the Scope of Pluggable Secret Keys Ticket

John Gooding
Would it be possible to expand the scope of the recently accepted secret key rotation ticket to include the ability to live rotate other credentials as well, such as the DB credentials?

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/4271925d-6198-4847-80a1-fe453a6e4313%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: Expand the Scope of Pluggable Secret Keys Ticket

Carlton Gibson-3
Hi John, 

I'm inclined towards "separate thing all together". Maybe they're all related but the bigger a ticket gets the less chance it has of actually appearing... 

> ... DB credentials...

Let's say you put those in environment variables... Don't you just relaunch with a new environment to "rotate"? i.e. What special handling would Django need to provide?

Kind Regards,

Carlton


On Thursday, 8 August 2019 03:43:49 UTC+2, John Gooding wrote:
Would it be possible to expand the scope of the recently accepted secret key rotation ticket to include the ability to live rotate other credentials as well, such as the DB credentials?

Or would this be a separate thing all together? 

<a href="https://groups.google.com/forum/#!searchin/django-developers/secret$20keys%7Csort:date/django-developers/jg-eu3HtLHI/V_rbzYKfAQAJ" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/forum/#!searchin/django-developers/secret$20keys%7Csort:date/django-developers/jg-eu3HtLHI/V_rbzYKfAQAJ&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/forum/#!searchin/django-developers/secret$20keys%7Csort:date/django-developers/jg-eu3HtLHI/V_rbzYKfAQAJ&#39;;return true;">https://groups.google.com/forum/#!searchin/django-developers/secret$20keys%7Csort:date/django-developers/jg-eu3HtLHI/V_rbzYKfAQAJ

<a href="https://code.djangoproject.com/ticket/30360" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fcode.djangoproject.com%2Fticket%2F30360\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEVxXBKr9HWwDnnnswKxvC20CHPgg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fcode.djangoproject.com%2Fticket%2F30360\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEVxXBKr9HWwDnnnswKxvC20CHPgg&#39;;return true;">https://code.djangoproject.com/ticket/30360

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/42ac8575-415b-4b5a-a687-d23ca72ec305%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: Expand the Scope of Pluggable Secret Keys Ticket

Adam Johnson-2
In reply to this post by John Gooding
This should be a separate ticket.

I'm not sure what you need for DB credential rotation - this can already be done by creating a second user in your database, then changing Django's config to use the new one, then deleting the old one.

On Thu, 8 Aug 2019 at 02:43, John Gooding <[hidden email]> wrote:
Would it be possible to expand the scope of the recently accepted secret key rotation ticket to include the ability to live rotate other credentials as well, such as the DB credentials?

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/4271925d-6198-4847-80a1-fe453a6e4313%40googlegroups.com.


--
Adam

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMyDDM1cyxyZBexL1mp_cmis-SWPRqgRORMWV6%2Bfq%3DtmjLo93g%40mail.gmail.com.