Secrets from date #1265
Comments
Thanks for filling out the issue template in detail, but I still don't get your process? Could you just enumerate what you are doing (best as 1./2./3. etc.) and what you want PrivateBin to do in each step? (Or how you are currently doing it vs how you want it to do.)
All right, tl;dr: all I need is delayed/timed/scheduled publishing of secrets. We share secrets in a small window, to "unlock" zipped files. I hope the context is now a bit more defined.
The key phrase, I think, is "And that is a stressful and person-depended job." - when recognizing such a condition, investigating a way to automate it is the way to go. Is it an option to use one of the third-party clients in a script, triggered by an at-job or systemd timer at the precise time, to create the paste, store the link and send the notification? While it is certainly possible to modify this service to have a second timestamp attribute and not serve the paste before that is reached, you still have to trust the server code not to get bypassed somehow. If the paste isn't created till that time, it is more secure. The paste creation could be done from another, more secure environment.
An alternative idea to automate this may be having a list of secrets saved in pads (maybe even on a "public" site) already, and only providing the access links - or better maybe, passwords – at the start time ("from time"), where you want the secret to be accessed.
The nice thing here, and that is very personal, is that our hosting has a public facing PrivateBin. The whole goal is that the file and password are not stored at one place. I get that this is a whole new scope in security/aspect for the application; because keeping it a secret until a moment means a new attack vector / security layer to support this properly (if even possible).
The problem
When sharing secrets we have the problem that certain passwords are only accessible from a specific date.
The problem is now that we are required to only make them available from a specific time.
But in the ideal world, the link would already be present and shared; if the secret-holder gets sick or anything happens in the process, the secret sharing process is lost.
The solution
Next to the till date we get a from date for secrets.
As long as the date is not met, the secret is not accessible.
Alternatives
I am still required till the last second to share them and when I'm sick or something there will be an insecure step in the sharing of secrets
Additional context
We share keys for an external organization. And it tries to unzip it based on the url (that will be read as plain text)... whole process; it works.
Now I will make the secret one minute before the files are released, fill them in a CMS at the last second and the file is released.
But I would like to do this all a few weeks before and trust the PrivateBin to do its work.
Support
I am very interested to work on this feature and would assign developer capacity. But would this be a feature that would be accepted with the scope of PrivateBin or is this very out of scope?