From d29549206bd7ba8c4e5784b1cc8c8387e8bd129a Mon Sep 17 00:00:00 2001
From: Jeremy Stretch
Date: Thu, 23 Jun 2016 15:02:03 -0400
Subject: [PATCH 1/2] Fixed tests to match recent API serializer tweaks

---
 netbox/dcim/tests/test_apis.py | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/netbox/dcim/tests/test_apis.py b/netbox/dcim/tests/test_apis.py
index 08ab5521a..ffb74cea2 100644
--- a/netbox/dcim/tests/test_apis.py
+++ b/netbox/dcim/tests/test_apis.py
@@ -205,14 +205,10 @@ class DeviceTypeTest(APITestCase):
 'model',
 'slug',
 'u_height',
+ 'is_full_depth',
 'is_console_server',
 'is_pdu',
 'is_network_device',
- 'console_port_templates',
- 'cs_port_templates',
- 'interface_templates',
- 'power_outlet_templates',
- 'power_port_templates',
 ]
 
 nested_fields = [
@@ -324,7 +320,7 @@ class DeviceTest(APITestCase):
 'comments',
 ]
 
- nested_fields = ['id', 'name']
+ nested_fields = ['id', 'name', 'display_name']
 
 def test_get_list(self, endpoint='/api/dcim/devices/'):
 response = self.client.get(endpoint)
From 96e6409e12ed3ff05713bca39b67d8b3acc4135a Mon Sep 17 00:00:00 2001
From: Jeremy Stretch
Date: Thu, 23 Jun 2016 16:44:52 -0400
Subject: [PATCH 2/2] Expanded secrets documentation

---
 docs/secrets.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/secrets.md b/docs/secrets.md
index ab77e0158..551083034 100644
--- a/docs/secrets.md
+++ b/docs/secrets.md
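Review bot: In the DeviceTypeTest hunk of netbox/dcim/tests/test_apis.py, the five `*_templates` names are dropped from the expected field list and nothing visible in the hunk records whether they must now be absent from the response or are covered by another test. If this list is compared for exact equality with the response keys (the comparison is outside the hunk, so this is inferred), it already serves as a guard against the serializer exposing fields unintentionally, and a short comment would make that intent explicit: `# Exact set of keys the API may return for a device type; change only together with a deliberate serializer change.` The same comment would fit `nested_fields = ['id', 'name', 'display_name']` in the DeviceTest hunk. Both class bodies start and end outside the hunks.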
@@ -27,3 +27,19 @@ Each secret is assigned a functional role which indicates what it is used for. T
 Each user within NetBox can associate his or her account with an RSA public key. If activated by an administrator, this user key will contain a unique, encrypted copy of the AES master key needed to retrieve secret data.
 
 User keys may be created by users individually, however they are of no use until they have been activated by a user who already has access to retrieve secret data.
+
+## Creating the First User Key
+
+When NetBox is first installed, it contains no encryption keys. Before it can store secrets, a user (typically the super user) must create a user key. This can be done by navigating to Profile > User Key.
+
+To create a user key, you can either generate a new RSA key pair, or upload the public key belonging to a pair you already have. If generating a new key pair, **you must save the private key** locally before saving your new user key. Once your user key has been created, its public key will be displayed under your profile.
+
+When the first user key is created in NetBox, a random master encryption key is generated automatically. This key is then encrypted using the public key provided and stored as part of your user key. **The master key cannot be recovered** without your private key.
+
+Once a user key has been assigned an encrypted copy of the master key, it is considered activated and can now be used to encrypt and decrypt secrets.
+
+## Creating Additional User Keys
+
+Any user can create his or her user key by generating or uploading a public RSA key. However, a user key cannot be used to encrypt or decrypt secrets until it has been activated with an encrypted copy of the master key.
+
+Only an administrator with an active user key can activate other user keys. To do so, access the NetBox admin UI and navigate to Secrets > User Keys. Select the user key(s) to be activated, and select "activate selected user keys" from the actions dropdown. 
You will need to provide your private key in order to decrypt the master key. A copy of the master key is then encrypted using the public key associated with the user key being activated.