Access secrets work on the staging stack after a user makes a change to the prod stack

Description

When a user changes a secret on their account in prod, their profile in staging is not updated until after the next migration. This could be problematic in the case of a leaked secret that must be changed to prevent unauthorized access.

Activity

Xavier Schildwachter
March 2, 2021, 7:44 PM

We go through the load balancer (public endpoint), don’t think VPN can help… Somehow we’d have to restrict access at the load balancer while in staging (that’d mean a ‘deploy’ to put it back to normal before going live, which we’ve been trying to avoid). Can we do something internal (and dynamic) in auth so the infra does not need to be touched (akin to ‘read-only’ mode but limiting access to members of a (group of) teams for example)?

Bruce Hoff
December 5, 2020, 7:36 PM
Edited

Note, this applies to passwords, API keys, and to secrets in general. I think it applies to session tokens. If it applies to OAuth access tokens and personal access tokens then one way to increase their security is by requiring that the OIDC issuer (which is different for prod vs. staging) be correct. But again this doesn't fix the problem for p/ws and API keys.

One approach is to reduce the accessibility of staging.synapse.org, e.g. by requiring users to go through the VPN to access the site. (Credit to for the idea.)

What other approaches might we use?
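The issuer check suggested in the comment above, sketched as an added example (not part of the original ticket or the project's code). It assumes HS256-signed JWTs, a signing key that staging inherits from prod through the migration, and hypothetical issuer URLs and function names.

```python
import base64, hashlib, hmac, json

# Hypothetical issuer URLs, one per stack (constructed, not the project's real values).
PROD_ISSUER = "https://prod.example.org/auth/v1"
STAGING_ISSUER = "https://staging.example.org/auth/v1"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def mint_token(key: bytes, issuer: str, subject: str) -> str:
    """Build an HS256 JWT; stands in for a stack's token service."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"iss": issuer, "sub": subject}).encode())
    return f"{header}.{body}.{_b64url(_sign(key, header + '.' + body))}"

def verify_token(token: str, key: bytes, expected_issuer: str) -> dict:
    """Return the claims only if the signature is valid AND iss names this stack."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise PermissionError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    if not hmac.compare_digest(sig, _sign(key, header_b64 + "." + body_b64)):
        raise PermissionError("bad signature")
    # A shared key means the signature alone cannot tell the stacks apart,
    # so the issuer claim is what ties a token to the stack that minted it.
    if not isinstance(claims, dict) or claims.get("iss") != expected_issuer:
        raise PermissionError("token issued for a different stack")
    return claims

if __name__ == "__main__":
    shared_key = b"constructed-key-copied-by-migration"
    token = mint_token(shared_key, PROD_ISSUER, "user-1")
    print(verify_token(token, shared_key, PROD_ISSUER))
    try:
        verify_token(token, shared_key, STAGING_ISSUER)
    except PermissionError as err:
        print("staging rejects prod token:", err)
```

As the comment says, this covers signed tokens only; passwords and API keys carry no issuer and are not helped by it.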

Assignee

Unassigned

Reporter

Nick Grosenbacher

Validator

Bruce Hoff

Priority

Major
