Add optional file encryption for user credentials configuration #3391
Merged
svartkanin merged 4 commits into archlinux:master from Apr 26, 2025
codefiles (Contributor) reviewed on Apr 13, 2025 and left a comment:
What is the reason for using the Password class and not just a str throughout? When it is being used in these changes, it is initialized with plaintext and then is only ever used as plaintext. This looks like unnecessary complexity.
codefiles reviewed on Apr 13, 2025
Collaborator (Author):
@Torxed any concerns with this or can we merge it?
Member:
Looks good to me!
Torxed approved these changes on Apr 26, 2025
This is a follow-up PR for #3276 to fix #1111.

It'll add an option to store the data in the user_configuration.json file in encrypted form. While saving the configuration files there's a new optional step to encrypt the content and, if chosen, provide an encryption key. The newly introduced cryptography module will handle the encryption by generating a salt and using Argon2id to encrypt the JSON data with the provided password.

The stored encryption data will look like

When providing an encrypted user_credentials.json file, there are 3 ways to provide the encryption key:

- --creds-decryption-key
- ARCHINSTALL_CREDS_DECRYPTION_KEY