coArchi 0.7.0

Started by Phil Beauvoir, January 14, 2021, 12:46:33 PM


Phil Beauvoir

Hi all, coArchi 0.7.0 has just been released.

You can download it here - https://www.archimatetool.com/plugins/#coArchi

The list of changes is here - https://github.com/archimatetool/archi-modelrepository-plugin/wiki/Change-Log

With this release you will now need to provide a password that secures a primary encryption key if you are storing repository passwords. You can do this in Preferences. This primary key is stored in a "primary_key" file in the collaboration workspace folder. This key is used to encrypt all other password files. These are named "secure_proxy_credentials" for proxy settings, "secure_ssh_credentials" to store the password if you use SSH, and "secure_credentials" for the password for each repository in its own ".git" folder.

Once you've set the primary password, you'll need to enter the password for each repository again in the Properties window.

If you are not using an older version of coArchi it's probably a good idea to delete the older password storage files since these are redundant. These are in the collaboration workspace folder and are named "proxy_credentials", "ssh_credentials" and "credentials" for each repository in its ".git" folder.

I've updated the wiki for Setup and Configuration - https://github.com/archimatetool/archi-modelrepository-plugin/wiki/Setup-and-Configuration
If you value and use Archi please consider making a donation! https://www.archimatetool.com/donate
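
The upgrade steps in the announcement above can be checked with a short script. This is an added example, not part of the original post and not coArchi code. It uses only the file names given in the post, and it assumes each repository is a direct child folder of the collaboration workspace folder, whose path is passed as an argument.

```python
from pathlib import Path
import sys

# File names exactly as listed in the announcement above.
LEGACY_WORKSPACE_FILES = ("proxy_credentials", "ssh_credentials")
LEGACY_REPO_FILE = "credentials"
SECURE_REPO_FILE = "secure_credentials"
PRIMARY_KEY_FILE = "primary_key"


def audit_workspace(workspace):
    """Report leftover old-format password files and repositories whose
    password has not been saved again under the primary key."""
    ws = Path(workspace)
    report = {
        "primary_key_present": (ws / PRIMARY_KEY_FILE).is_file(),
        "legacy_files": [],
        "repos_needing_password": [],
    }
    for name in LEGACY_WORKSPACE_FILES:
        if (ws / name).is_file():
            report["legacy_files"].append(name)
    # Assumption: repositories sit directly under the workspace folder.
    for child in sorted(ws.iterdir()):
        git_dir = child / ".git"
        if not git_dir.is_dir():
            continue
        has_old = (git_dir / LEGACY_REPO_FILE).is_file()
        has_new = (git_dir / SECURE_REPO_FILE).is_file()
        if has_old:
            report["legacy_files"].append(f"{child.name}/.git/{LEGACY_REPO_FILE}")
        # An old file without a new one means a password was saved before
        # the upgrade but has not been re-entered in the Properties window.
        if has_old and not has_new:
            report["repos_needing_password"].append(child.name)
    return report


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit.py <collaboration-workspace-folder>")
    result = audit_workspace(sys.argv[1])
    print("primary_key present:", result["primary_key_present"])
    for path in result["legacy_files"]:
        print("old-format file:", path)
    for repo in result["repos_needing_password"]:
        print("password not re-entered:", repo)
```

The script only reports; whether to delete the old-format files depends on whether an older coArchi version is still in use, as the post says.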

gmamvura

Thanks for doing this from a security perspective, however I am not sure how you are handling LDAP integration, because if you store the password local to ArchiMate, it can get out of sync with your Windows AD password. Ideally you want to avoid storing the password and attach it to the model to avoid AD sync conflicts. I would think you could do a temporary store as long as the model is loaded into memory, then release the stored passwords when you close all your models. At the very least you have saved developer time to punch username/password for every commit/publish but we should not be impacting the security model.

I have seen cases where ArchiMate stores credentials and locks your AD account when it gets out of sync, because each time you open a model Archi will try to connect with the old locally stored password and that is not good. It does not matter if the password is encrypted for this problem.

However, encrypting the password was a brilliant idea, for that thank you Phil.

Jean-Baptiste Sarrodie

Hi,

Quote from: gmamvura on January 20, 2021, 23:26:29 PM
however I am not sure how you are handling LDAP integration, because if you store the password local to ArchiMate, it can get out of sync with your Windows AD password.

We don't handle LDAP integration. We simply let the user decide if he/she wants to enter his/her password each time or save it. Of course, if the password is changed in between, there's nothing we can do. In this context we act like any other password management tool (same advantages, same drawbacks).

Quote from: gmamvura on January 20, 2021, 23:26:29 PM
I have seen cases where ArchiMate stores credentials and locks your AD account when it gets out of sync, because each time you open a model Archi will try to connect with the old locally stored password and that is not good.

This used to be an issue on old versions of coArchi but should no longer be the case because Archi stops any background sync as soon as the authentication fails (before it was retrying each time, leading to the account being locked in most enterprise contexts).

Regards,

JB

Phil Beauvoir

coArchi 0.7.1 is now available and fixes an issue when creating a new primary password.

You can download it here - https://www.archimatetool.com/plugins/#coArchi

The list of changes is here - https://github.com/archimatetool/archi-modelrepository-plugin/wiki/Change-Log