[v14] split db ca #35950

Merged
GavinFrazar merged 5 commits into branch/v14 from gavinfrazar/v14-split-db-ca
Feb 21, 2024

Conversation

Contributor

@GavinFrazar GavinFrazar commented Dec 20, 2023

Backport #35949 to branch/v14.

changelog: Fixed a database lateral movement exploit if a self-hosted database host is compromised, see https://goteleport.com/docs/management/operations/db-ca-migrations.


@orca-security-us orca-security-us Bot left a comment

Orca Security Scan Summary

| Status | Check | Issues by priority |
| --- | --- | --- |
| Failed | Secrets | high 1, medium 0, low 0, info 0 |

🔑 The following secrets have been detected in your pull request across all commits

⚠️ Please take action to mitigate the risk of the identified secrets by revoking them, and if already in use, updating all dependent systems

| NAME | FILE PATH | LINE NUM | COMMIT | STATUS |
| --- | --- | --- | --- | --- |
| Private Key | lib/fixtures/keys.go | 60 | fa906d8d0 | FAILED |

@GavinFrazar GavinFrazar force-pushed the gavinfrazar/v14-split-db-ca branch 3 times, most recently from ab297df to 4a17fdc, January 4, 2024 04:05
@GavinFrazar GavinFrazar marked this pull request as ready for review January 30, 2024 02:07
@GavinFrazar GavinFrazar force-pushed the gavinfrazar/v14-split-db-ca branch from 4a17fdc to 2566ee4, January 30, 2024 02:07
@github-actions github-actions Bot added the backport, database-access, size/lg and tctl labels Jan 30, 2024
Contributor

@greedy52 greedy52 left a comment

changelog: Introduced the Teleport Database Client CA so that separate CAs are used to issue certs to databases and database clients.

I think we should provide more details than this. Best if we have a doc guide on how to do this. If not, maybe briefly describe what needs to be done like this https://github.com/gravitational/teleport/releases/tag/v12.4.28. Or link to a GH issue or discussion with procedures.

@GavinFrazar GavinFrazar added the security Security Issues label Feb 21, 2024
@GavinFrazar GavinFrazar added this pull request to the merge queue Feb 21, 2024
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Feb 21, 2024
@GavinFrazar GavinFrazar force-pushed the gavinfrazar/v14-split-db-ca branch from 2566ee4 to 4534c17, February 21, 2024 01:37
@GavinFrazar GavinFrazar added this pull request to the merge queue Feb 21, 2024
Merged via the queue into branch/v14 with commit c2cb76a Feb 21, 2024
@GavinFrazar GavinFrazar deleted the gavinfrazar/v14-split-db-ca branch February 21, 2024 02:46