Onemind-Services-LLC / netbox-secrets

Enhance your secret management with encrypted storage and flexible, user-friendly features.

[Feature]: Add options to add certificates to device/store

PVM-NL opened this issue · comments

NetBox version

v3.4.3

Feature type

Add a function

Proposed functionality

Add the option to add or create the (TLS) certificate to the device or store.
The certificate file types can be .pfx, .pem, .crt, .cer, or .key.

As the store is to safeguard the username/password, it might be useful to also add the (device) certificate.

Use case

It adds the certificate which might be bound to the device to use.
If it's an HTTPS server certificate, these are bound to websites. Also, with switches or for use with Wi-Fi, sometimes the company certificates are added.

External dependencies

Don't know

This may either require a DB model change or we may have to extend the secrets model and create a new one for certificates. I'm going to hold on to this until more details can be fleshed out.

OK, well, if it is possible I think this would make the plugin complete.
As I compare the secrets plugin to, for example, Azure Key Vault, but then you hold it inside and not in the cloud perhaps.
An integration with those providers is also nice like
https://github.com/nautobot/nautobot-plugin-secrets-providers

The secret provider will be out of scope for now as that requires a lot of work and discussion to figure out the right way.

Just looking over the db models briefly, it makes the most sense to create a new one. However, in doing so the current secret model will most likely become an abstract class and 2 new models will inherit from it.
For the certificate model, I'm also thinking there should be 2 different fields, namely certificate and key, and when the data is added to these fields, a validation is run to ensure the data is correct, like key validation for the certificate.
The fields will have to be text fields to allow for bigger texts.
The key field will be encrypted, whereas the certificate will remain as plaintext.

I'll try to tackle this issue on the coming weekend and evaluate what changes are needed to get this going
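
The key-matches-certificate validation proposed in the comment above, as an added example that is not netbox-secrets code. It assumes PEM input and the third-party `cryptography` package; `validate_pair` and `make_sample` are hypothetical names, and the certificates are throwaway ones constructed for the demonstration.

```python
# Added example (not part of netbox-secrets). Needs: pip install cryptography
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def _spki(public_key):
    """DER SubjectPublicKeyInfo: a byte form comparable across key types."""
    return public_key.public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )

def validate_pair(cert_pem, key_pem, password=None):
    """Return a list of errors; an empty list means cert and key belong together."""
    try:
        cert = x509.load_pem_x509_certificate(cert_pem)
    except ValueError:
        return ["certificate is not valid PEM-encoded X.509"]
    try:
        key = serialization.load_pem_private_key(key_pem, password=password)
    except (ValueError, TypeError):
        return ["private key is not valid PEM (or the passphrase is wrong/missing)"]
    # Compare public halves only; the private key never needs to be logged or stored here.
    if _spki(cert.public_key()) != _spki(key.public_key()):
        return ["private key does not match the certificate's public key"]
    return []

def make_sample(common_name):
    """Constructed test data: a one-day self-signed EC certificate and its key."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(key, hashes.SHA256())
    )
    key_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )
    return cert.public_bytes(serialization.Encoding.PEM), key_pem
```

A check like this would run on the submitted plaintext before the key field is encrypted for storage.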

Take your time, which is better than doing it in a hurry :)

After discussing this internally, we currently will not be implementing this into the secret plugin. Perhaps this can be covered in a separate plugin which can be built on top of netbox-secrets.

Ah OK, too bad, I was hoping it went on the roadmap. Really thought it was a nice addition to the plugin.

We are, however, thinking of providing multi-line fields, which should take care of features such as this being covered using the existing implementation.

@kprince28 Can you see if adding multiline fields for passwords is feasible? We however want to keep backwards compatibility with the change.