Skip to content

Encrypt patient data at rest and in backup files.#251

Open
schuyler wants to merge 13 commits intodevfrom
schuyler/mariadb-encryption
Open

Encrypt patient data at rest and in backup files.#251
schuyler wants to merge 13 commits intodevfrom
schuyler/mariadb-encryption

Conversation

@schuyler
Copy link
Copy Markdown
Member

@schuyler schuyler commented Feb 11, 2020
edited
Loading

This PR accomplishes a few things:

  • Adds a system-wide encryption secret in /usr/share/buendia/system.key that is created if not already present during buendia-utils postinstall.
  • Modifies buendia-mysql to use this secret to encrypt a separate set of database keys, and updates the database dependency to MariaDB > 10.1.4 to guarantee that AES-CTR encryption-at-rest is available.
  • Updates buendia-backup to use the system key to encrypt OpenMRS and Buendia configuration data on backup, and to decrypt with same on restore.
  • Also updates buendia-backup to backup and restore the system key itself to an external storage device, whenever an external device is used for backup or restore.

This PR lays the groundwork for the security reset mode as described in #250 .

The encryption-at-rest, backup, and restore functions are all tested to some extent in integration tests that work in Vagrant. I've tested this functionality manually both on a fresh Vagrant system, and as an upgrade to an existing Vagrant system.

schuyler added 13 commits February 6, 2020 14:45
@schuyler
Generate system key if not present when buendia-utils is installed.
91c2378
@schuyler
Add encrypt/decrypt_file functions to utils.sh.
e2b89bd 
Intended for use with the Buendia system key.
@schuyler
Integration test to ensure OpenMRS tables are encrypted.
32632c7
@schuyler
Change buendia-mysql dependency to mariadb-server-10.1.
021d974 
Specifically for encryption support.
@schuyler
Rename /etc/mysql/conf.d/buendia-mysql to .cnf just to confirm to Mar…
98dc9ef 
…iaDB convention.
@schuyler
Create MariaDB encryption keys in buendia-mysql postinst.
81d4197
@schuyler
Add MariaDB configuration to enable InnoDB table encryption.
9efc87f
@schuyler
Basic approach to encrypting backups.
d8d43df 
Essentially, ensure that openmrs.zip and buendia.tar.gz are encrypted
using the Buendia system key.

The patient chart ZIP is already encrypted with the OpenMRS server
password, so we're leaving that untouched for now.
@schuyler
Don't fail simultaneous backup test if database is empty.
d7bcffb
@schuyler
Add a note about the MariaDB table encryption test.
ad48920
@schuyler
buendia-backup copies system.key to external backup
60664e3
@schuyler
buendia-restore restores a system key from external storage
39cd7ca
@schuyler
buendia-restore should copy encrypted files to temporary local storage
850a9db 
before decrypting.

This will hopefully minimize the risk of running out of space on the
backup storage device, since the decryption process has to make a copy
of the output on disk.
@schuyler schuyler requested a review from zestyping February 11, 2020 00:47
@schuyler schuyler mentioned this pull request Mar 20, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zestyping zestyping Awaiting requested review from zestyping

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@schuyler @zestyping