@Alevsk Alevsk commented Mar 17, 2021

The user secret key does not really need to be stored inside the encrypted
session key, since the `change-password` endpoint requires the user to
provide the current `secret key`. That password will be used to
initialize a new minio client, and then we will leverage the
`SetUser` operation; this API only works with actual user credentials
and not STS credentials.

@Alevsk Alevsk self-assigned this Mar 17, 2021
@Alevsk Alevsk force-pushed the change-password-refactor branch from ef05054 to 0ae9f92 Compare March 17, 2021 22:57
@Alevsk Alevsk linked an issue Mar 17, 2021 that may be closed by this pull request
@Alevsk Alevsk force-pushed the change-password-refactor branch from 0ae9f92 to b5c3201 Compare March 17, 2021 23:18
@dvaldivia dvaldivia merged commit c48a024 into minio:master Mar 18, 2021
@Alevsk Alevsk deleted the change-password-refactor branch March 18, 2021 17:42
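
The flow described in the pull request description, modelled as an added example (not code from the pull request or from the MinIO project). `Claims`, `fakeServer`, `client` and both `ChangePassword*` functions are hypothetical names, and the in-memory server is a constructed stand-in that only mirrors the stated rule that `SetUser` rejects STS credentials.

```go
package main

import (
	"errors"
	"fmt"
)

// Claims is a hypothetical session payload: temporary STS credentials plus the
// account name. The user's long-lived secret key is deliberately not a field.
type Claims struct{ STSAccessKey, STSSecretKey, Account string }

// fakeServer is a constructed stand-in for the server (access key -> secret key).
type fakeServer struct{ users, sts map[string]string }

// client mimics an admin client initialized with one credential pair.
type client struct {
	srv                  *fakeServer
	accessKey, secretKey string
}

// SetUser succeeds only when the client holds the user's real (non-STS) credentials.
func (c client) SetUser(account, newSecret string) error {
	if _, isSTS := c.srv.sts[c.accessKey]; isSTS {
		return errors.New("sts credentials cannot call SetUser")
	}
	if s, ok := c.srv.users[c.accessKey]; !ok || s != c.secretKey || account != c.accessKey {
		return errors.New("invalid credentials")
	}
	c.srv.users[account] = newSecret
	return nil
}

// ChangePassword builds a new client from the account named in the session and
// the current secret key supplied in the request, then calls SetUser with it.
func ChangePassword(srv *fakeServer, session Claims, current, next string) error {
	return client{srv, session.Account, current}.SetUser(session.Account, next)
}

// ChangePasswordWithSession uses only what the session holds, to show it is not enough.
func ChangePasswordWithSession(srv *fakeServer, session Claims, next string) error {
	return client{srv, session.STSAccessKey, session.STSSecretKey}.SetUser(session.Account, next)
}

func main() {
	srv := &fakeServer{map[string]string{"alice": "old-secret"}, map[string]string{"STSAK": "STSSK"}} // constructed data
	s := Claims{"STSAK", "STSSK", "alice"}
	fmt.Println(ChangePasswordWithSession(srv, s, "n1"))   // rejected: STS credentials
	fmt.Println(ChangePassword(srv, s, "guess", "n2"))      // rejected: wrong current key
	fmt.Println(ChangePassword(srv, s, "old-secret", "n3")) // accepted
}
```
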

Development

Successfully merging this pull request may close these issues.

Remove user secret key from encrypted session token