
Allow for user signup and secure storage of user secrets in DB #26

trello-issues-app bot opened this issue Feb 6, 2025 · 2 comments
Labels
trello This issue was auto-created by Trello
@trello-issues-app

Note

This issue was auto-created by a Trello x GitHub integration

Original Link: Allow for user signup and secure storage of user secrets in DB

Card Contents:

  • Create users in database. Templates can be stored per-user and can be made public
  • Provider secrets will be stored in DB. Maybe encrypt with PBKDF2?
  • Admin user can provision networks and add VPNs
  • User accounts can view docs/network diagram/download VPNs
    • Need to figure out how users will be shared to range
@Adamkadaban

Setting up DB + Encryption

  1. On user registration, PBKDF2/Argon2 (the latter seems to be better nowadays) will be used to create an encryption key (MK) for the user.

  2. An RSA public/private key pair will also be generated.

  3. Public key is stored in DB as-is. Private key is stored encrypted with the MK from step one.

  4. When a user wants to add new AWS/Azure secrets, it can easily be encrypted with the public key in the database.

  5. When the deploy endpoint is called (i.e. when the secrets need to be decrypted), the private key will be decrypted and the private key will be used to decrypt the secrets.

How step 5 will get the MK:
How will the frontend/CLI store the master key once a user logs in?

  1. On login, the API will generate the MK and send it back in a response to be stored in an http-only secure cookie.
  2. Cookie from step 1 will be attached with every request. It will only be stored in-memory for API endpoints that need them.

@Adamkadaban

Solved in #56
