To allow for salt+hash backfilling during the 90 day period, we need to store the old salt in addition to the current salt.
However, as storing the old salt for a long time defeats the purpose of salting, we'll keep it for 2 weeks which allows some slack time for troubleshooting and backfilling.
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | mforns | T199898 EventLogging sanitization | |||
Resolved | mforns | T199900 [EL sanitization] Store the old salt for 2 extra weeks |
Event Timeline
Change 454631 had a related patch set uploaded (by Mforns; owner: Mforns):
[analytics/refinery@master] Allow backup of last rotated salt for a given period in saltrotate
Change 454631 merged by Nuria:
[analytics/refinery@master] Allow backup of last rotated salt for a given period in saltrotate
Change 464009 had a related patch set uploaded (by Mforns; owner: Mforns):
[operations/puppet@production] Add backup parameter to saltrotate cron job
Change 464009 merged by Elukey:
[operations/puppet@production] Add backup parameter to saltrotate cron job
@mpopov
This task is done! From now on, the cryptographic salts used to hash EventLogging sensitive ids are going to be kept for an extra 14 days after salt rotation, to prevent data loss in case of incidents right after the salt rotation, as you guys suggested.
Cheers