Description
Currently, system_id (aka system_key) and auth_token (aka system_secret) are stored in the public part of Redis. Although at the moment an attacker who obtains them can only try to download the backup (which is encrypted, so no real harm results), in the future these credentials might be used for other, more critical operations.
These credentials are used at least by the following applications:
- ns8-metrics: to enable alerting for my.nethesis.it and my.nethserver.com
- ns8-nethvoice: to enable enterprise-only features
- ns8-nethsecurity-controller: to enable enterprise-only features
- ns8-webtop: to download tcme plugin
Proposed solution
Implement measures to avoid publishing system_id and auth_token to Redis, or restrict their exposure via specific ACLs. Consider an approach similar to lokiadm that can invoke a reveal-credentials action for required modules, or migrate the handling/usage of these credentials to a more secure dedicated registry or encrypted storage.
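As an added illustration of the ACL option (this is not NS8's own configuration; the key names, user names and passwords are placeholders), a Redis ACL file that contrasts the current situation, where any client can read the credentials, with a rule set that confines them to a dedicated key prefix readable only by the modules that need them:

```conf
# Hypothetical users.acl (placeholder names; NS8's real keys and users differ).
#
# Before: the default user may read every key, so credentials stored under a
# public key such as "cluster/system_id" are visible to any connected client.
user default on nopass ~* +@all

# After (requires Redis >= 7.0 for the %R / %RW key-permission selectors):
# 1. The credentials move under a dedicated prefix, e.g. "secrets/cluster/*".
# 2. The default user keeps read access to public keys only; because ACLs are
#    allow-lists, everything not granted (the secrets prefix) is denied.
user default on nopass ~cluster/* +@read

# 3. Each module that needs the credentials gets its own user with a read-only
#    grant on exactly the two keys and nothing else.
user ns8-metrics on >PLACEHOLDER_PASSWORD %R~secrets/cluster/system_id %R~secrets/cluster/auth_token +get +mget

# 4. Only the component that manages the credentials may write them.
user api-server on >PLACEHOLDER_PASSWORD %RW~secrets/cluster/* ~cluster/* +@all
```

After `redis-cli ACL LOAD`, `ACL DRYRUN default GET secrets/cluster/system_id` should report the command as denied while the same check for `ns8-metrics` is allowed; `ACL GETUSER ns8-metrics` shows the effective key patterns.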
Additional context
At the moment backup downloads are encrypted, which mitigates the current risk, but future use cases may increase exposure if the credentials are used for other features or integrations.