RekeySecretAdminMonitor should be generalized so that done is not a simple boolean, but a numeric counter which gets compared to a constant that is incremented each time we ship a security fix that might have compromised master.key. The call to isUpgradedFromBefore(new VersionNumber("1.496.*")) needs to be somehow changed. And Messages.pleaseRekeyAsap needs to be generalized.
Probably there should also be a button in /configureSecurity allowing an admin to initiate rekeying at any other time that they suspect keys might have been compromised.
- is related to
-
JENKINS-17289 Re-key operation seems to take unnecessarily long
-
- Closed
-