• Improvement
    • Resolution: Unresolved
    • Major
    • core

      RekeySecretAdminMonitor should be generalized so that done is not a simple boolean, but a numeric counter which gets compared to a constant that is incremented each time we ship a security fix that might have compromised master.key. The call to isUpgradedFromBefore(new VersionNumber("1.496.*")) needs to be somehow changed. And Messages.pleaseRekeyAsap needs to be generalized.

      Probably there should also be a button in /configureSecurity allowing an admin to initiate rekeying at any other time that they suspect keys might have been compromised.
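      A small model of the counter-based check proposed in this description, added here as an illustration; it is not Jenkins code and not part of the issue. `CURRENT_REKEY_EPOCH`, `completedEpoch`, `adminRequested` and the class name are hypothetical, and treating the existing boolean as "epoch 1" is an assumption.

```java
import java.util.OptionalInt;

/** Added illustration of the proposed epoch check; names are hypothetical, not Jenkins code. */
public class RekeyEpochDemo {
    /** Assumed constant: incremented in each release fixing a flaw that may have exposed master.key. */
    static final int CURRENT_REKEY_EPOCH = 2;

    private OptionalInt completedEpoch;   // proposed persisted counter; empty if never written
    private final boolean legacyDone;     // the existing boolean "done" flag
    private boolean adminRequested;       // set by the proposed /configureSecurity button

    RekeyEpochDemo(OptionalInt completedEpoch, boolean legacyDone) {
        this.completedEpoch = completedEpoch;
        this.legacyDone = legacyDone;
    }

    /** A new installation creates master.key after all known fixes, so it starts current. */
    static RekeyEpochDemo freshInstall() {
        return new RekeyEpochDemo(OptionalInt.of(CURRENT_REKEY_EPOCH), false);
    }

    /** Epoch already covered; the old boolean only vouches for the first rekey (epoch 1). */
    int effectiveEpoch() {
        return completedEpoch.orElse(legacyDone ? 1 : 0);
    }

    boolean needsRekey() {
        return adminRequested || effectiveEpoch() < CURRENT_REKEY_EPOCH;
    }

    void requestRekey() { adminRequested = true; }

    /** Record the outcome of a rewrite; a failed run must leave the monitor active. */
    void onRewriteFinished(boolean success) {
        if (!success) return;
        completedEpoch = OptionalInt.of(CURRENT_REKEY_EPOCH);
        adminRequested = false;
    }

    public static void main(String[] args) {
        RekeyEpochDemo upgraded = new RekeyEpochDemo(OptionalInt.empty(), true); // constructed state
        System.out.println("upgraded, old flag set: " + upgraded.needsRekey());
        upgraded.onRewriteFinished(false);
        System.out.println("after failed rewrite:   " + upgraded.needsRekey());
        upgraded.onRewriteFinished(true);
        System.out.println("after rewrite:          " + upgraded.needsRekey());
        RekeyEpochDemo fresh = freshInstall();
        System.out.println("fresh install:          " + fresh.needsRekey());
        fresh.requestRekey();
        System.out.println("admin pressed button:   " + fresh.needsRekey());
    }
}
```

      An installation that set the old flag is still prompted once the constant moves past 1, and a failed rewrite never advances the stored counter.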

          [JENKINS-27446] Rerun SecretRewriter

          Daniel Beck added a comment - edited

          Re-keying wasn't fun. It took forever and in the end modified 36 files. JENKINS-17289 suggests a few performance improvements that should be considered if this becomes a semi-regular event.

          Jesse Glick added a comment -

          SecretRewriter would also need to be initialized with something other than Secret.getLegacyKey(), and RekeySecretAdminMonitor would have to also look in DefaultConfidentialStore.rootDir for ConfidentialKey instances saved using the old master.key.

          Kohsuke Kawaguchi added a comment -

          Does this really belong to SECURITY? Seems to me that it should be in JENKINS.

            Unassigned
            jglick Jesse Glick
            Votes: 0
            Watchers: 3