[rbdemo] Decrypt and encrypt sensitive fixture data.

Review Request #12409 — Created June 24, 2022 and submitted

Information

rb-extension-pack
master

Reviewers

The new rbdemo fixture support made a bad assumption that the hosting
service account data could be simply set and used, but this data is
actually encrypted, meaning it's not portable between servers.

To address this, that part of the fixture data is no longer literal.
Instead, each key specifies whether it's raw or encrypted in the
fixture, and whether it should be raw or encrypted in the resulting
data.

To cover bases, user password hashes are now encrypted as well.

An AES encryption key must be set on the instance, and this will be used
to decrypt the data in the fixture. The data can then be re-encrypted
for the target server.

This allows for safe sensitive data storage and fixture portability.

Deployed this to demo.reviewboard.org along with new fixtures using
this. The data was successfully decrypted from the fixture and
re-encrypted for the target server.

Summary ID
[rbdemo] Decrypt and encrypt sensitive fixture data.
The new rbdemo fixture support made a bad assumption that the hosting service account data could be simply set and used, but this data is actually encrypted, meaning it's not portable between servers. To address this, that part of the fixture data is no longer literal. Instead, each key specifies whether it's raw or encrypted in the fixture, and whether it should be raw or encrypted in the resulting data. To cover bases, user password hashes are now encrypted as well. An AES encryption key must be set on the instance, and this will be used to decrypt the data in the fixture. The data can then be re-encrypted for the target server. This allows for safe sensitive data storage and fixture portability.
4b79eda392a896ef17959302c74bd34558638d5b
david
  1. Ship It!
  2. 
      
chipx86
Review request changed
Status:
Completed
Change Summary:
Pushed to master (c192db4)