IraPass V2

Changelog:

  1. Security enhancements in IraPass

  2. JSON schema validation errors are now reported on a single line

Security Enhancement in the Latest Release of IraPass

One of the important security enhancements in the latest release of the licensing module is encrypted license acquisition. License requests from each site can now be secured using the site's private key (2048 bits), which helps protect against unauthorized access and ensures the integrity of license management. Only authorized users have access to the licensing portal for site management, and only those who hold the password-protected private key can use the site_id to request a license. This helps verify the sender's identity, that is, that the request comes from the right source.


Steps to follow:

  1. Update to the latest versions:

public.ecr.aws/epicode-modules/irapass:2.33.60
public.ecr.aws/epicode-modules/cpatracker:1.1.60
public.ecr.aws/epicode-modules/iracpa:2.107.60
public.ecr.aws/epicode-modules/tracker:2.3.60
public.ecr.aws/epicode-modules/watcher:2.1.60

  2. In the above release, irapass.json takes one new property, site_private_key_file, and use_old_rsa_protocol should be set to false. The new JSON schema for these properties is:

{
        "site_private_key_file": {"type": "string"},
        "use_old_rsa_protocol": {"type": "boolean", "enum": [true, false]}
}

      Below is a sample irapass.json:

{
        "use_old_rsa_protocol": false,
        "site_private_key_file": "/usr/local/epi/conf/key.pem"
}




  • Click on 'Site' at the top right.


  • Go to the respective site for which you want to generate the key, and click on the dropdown.


  • You will now be able to see the 'New Key' button. Click on it.

  • You can either copy and paste the key or download it.


  • Copy the PEM file to a directory that the irapass pod can access (the same path has to be set in irapass.json).


  • Note that these private key files are password protected, and the password is known only to the license portal. IraPass retrieves the password securely at run-time, before loading the private key to request licenses.
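
A pre-deployment check for the steps above, added here as an example and not part of IraPass or its tooling: it confirms that irapass.json sets the two properties as described and that the referenced PEM file is a password-protected private key. The function names are hypothetical, and the owner-only file permission check is an assumption of this example, not a documented IraPass requirement.

```python
import json, os, stat, tempfile

# Markers that identify a password-protected PEM private key:
# the PKCS#8 encrypted form, or the traditional form with a Proc-Type header.
ENCRYPTED_MARKERS = ("-----BEGIN ENCRYPTED PRIVATE KEY-----", "Proc-Type: 4,ENCRYPTED")

def check_irapass_config(config_path):
    """Return a list of problems found; an empty list means the checks passed."""
    problems = []
    with open(config_path) as fh:
        cfg = json.load(fh)
    # Property names and types come from the schema fragment on this page.
    if cfg.get("use_old_rsa_protocol") is not False:
        problems.append("use_old_rsa_protocol must be the boolean false")
    key_file = cfg.get("site_private_key_file")
    if not isinstance(key_file, str) or not key_file:
        problems.append("site_private_key_file must be a non-empty string")
        return problems
    if not os.path.isfile(key_file):
        problems.append(f"key file not found: {key_file}")
        return problems
    # Assumption (not an IraPass requirement): the key should be accessible
    # only by its owner, so flag any group/other permission bits.
    mode = stat.S_IMODE(os.stat(key_file).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"key file mode {oct(mode)} grants group/other access")
    with open(key_file, errors="replace") as fh:
        pem = fh.read()
    if "PRIVATE KEY-----" not in pem:
        problems.append("key file is not a PEM private key")
    elif not any(m in pem for m in ENCRYPTED_MARKERS):
        problems.append("PEM private key is not password protected")
    return problems

def demo():
    """Run the checks against constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "key.pem")
        # Constructed placeholder, not a real key: only the PEM armor matters here.
        with open(key, "w") as fh:
            fh.write("-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n")
        os.chmod(key, 0o600)
        cfg = os.path.join(d, "irapass.json")
        with open(cfg, "w") as fh:
            json.dump({"use_old_rsa_protocol": False, "site_private_key_file": key}, fh)
        return check_irapass_config(cfg)

if __name__ == "__main__":
    print(demo() or "irapass.json checks passed")
```

Run check_irapass_config against the real irapass.json from a location that sees the same file paths as the irapass pod.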