If you use the source_database argument to specify your source database address/credentials (as opposed to defining them in settings.php and just referencing them through source_connection), the credentials are stored as plaintext in the arguments in migrate_status (or, in the coming wizard_api world, migrate_group). We should encrypt the credentials.

CommentFileSizeAuthor
#10 migrate_d2d-encryptdb-1896006-10.patch5.2 KBmikeryan
#9 migrate_d2d-encrypt-stored-db-creds-1896006-9.patch1.6 KBAnonymous (not verified)
#6 encrypt_stored_db_creds-1896006-6.patch4.64 KBAnonymous (not verified)
#5 encrypt_stored_db_creds-1896006-5.patch3.95 KBAnonymous (not verified)
#2 encrypt_stored_db_creds-1896006-2.patch1.45 KBAnonymous (not verified)
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

mikeryan’s picture

mikeryan
he/him
Primary language English
Location Murphysboro, IL, USA
CreditAttribution: mikeryan commented
Assigned: Unassigned »
Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
FileSize
encrypt_stored_db_creds-1896006-2.patch1.45 KB

This patch is dependent upon this other patch to migrate:
http://drupal.org/node/1901980#comment-6998214

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Status: Active » Needs review
mikeryan’s picture

mikeryan
he/him
Primary language English
Location Murphysboro, IL, USA
CreditAttribution: mikeryan commented
Status: Needs review » Needs work

We're rethinking the general approach to encrypting arguments, see #1901980: Convenience functions for encryption/decryption.

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Status: Needs work » Needs review
FileSize
encrypt_stored_db_creds-1896006-5.patch3.95 KB

I've isolated these changes to the migrate_d2d module (no patch to base migrate needed). I've mimicked the behavior of the encrypt module in the case of it being absent so that if it's added later the encrypted values will still be useable.

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
FileSize
encrypt_stored_db_creds-1896006-6.patch4.64 KB

A few more updates based on feedback from Mike.

mikeryan’s picture

mikeryan
he/him
Primary language English
Location Murphysboro, IL, USA
CreditAttribution: mikeryan commented
Status: Needs review » Reviewed & tested by the community

Looks good to me (and works just fine with my current wizard code), feel free to commit at will to the wizard_api branch.

Thanks.

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Status: Reviewed & tested by the community » Closed (fixed)
Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Status: Closed (fixed) » Needs review
FileSize
migrate_d2d-encrypt-stored-db-creds-1896006-9.patch1.6 KB

Deprecating these functions before the official release of this branch and updating the code to rely on the encrypt/decrypt functions added to MigrationBase in this issue: http://drupal.org/node/1901980

mikeryan’s picture

mikeryan
he/him
Primary language English
Location Murphysboro, IL, USA
CreditAttribution: mikeryan commented
FileSize
migrate_d2d-encryptdb-1896006-10.patch5.2 KB

Here's a patch to work with the latest Migrate patch at #1901980: Convenience functions for encryption/decryption.

mikeryan’s picture

mikeryan
he/him
Primary language English
Location Murphysboro, IL, USA
CreditAttribution: mikeryan commented
Status: Needs review » Needs work

Actually, just occurred to me we should have an update function to add the encrypted_arguments to group argument for any existing migrations that have encrypted the source_database.

mikeryan’s picture

mikeryan
he/him
Primary language English
Location Murphysboro, IL, USA
CreditAttribution: mikeryan commented
Status: Needs work » Fixed

I implemented the update function and tested with a site migration I had registered with the former encryption builtin to migrate_d2d, worked just fine, I've committed this.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.