From 430d294007edc2a43b2a17f8751e157d6211f5e8 Mon Sep 17 00:00:00 2001 From: Jeremy Lin Date: Wed, 5 Oct 2022 13:04:27 -0700 Subject: [PATCH] Updated Backing up your vault (markdown) --- Backing-up-your-vault.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Backing-up-your-vault.md b/Backing-up-your-vault.md index ab052fa..a39f680 100644 --- a/Backing-up-your-vault.md +++ b/Backing-up-your-vault.md 
@@ -86,9 +86,9 @@ _**Backup recommended.**_ These files are used to sign the JWTs (authentication tokens) of users currently logged in. Deleting them would simply log out each user, forcing them to log in again. -The `rsa_key.pem` (private key) file could be considered mildly sensitive. In principle, it could be used to forge login sessions to your server, though in practice, doing so would require additional knowledge of various UUIDs (e.g., taken from a copy of your database). Also, any data obtained with a forged session would still be encrypted with personal and/or organization keys, so brute-forcing the relevant master password in order to obtain those keys would still be required. +The `rsa_key.pem` (private key) file could be considered somewhat sensitive. In principle, it could be used to forge vault login sessions to your server, though in practice, doing so would require additional knowledge of various UUIDs (e.g., taken from a copy of your database). Also, any data obtained with a forged session would still be encrypted with personal and/or organization keys, so brute-forcing the relevant master password in order to obtain those keys would still be required. Admin panel login sessions, however, could be forged easily (this would only work if the admin panel is enabled). This wouldn't provide access to vault data, but it would allow some administrative actions like deleting users or removing 2FA. -Nevertheless, encrypting the private key is recommended if you're concerned that someone else might be able to access it (e.g., when uploaded to cloud storage). +Overall, encrypting the private key is recommended if you're concerned that someone else might be able to access it (e.g., when uploaded to cloud storage). ### The `icon_cache` dir
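Review bot: the new admin-panel sentence undercuts the unchanged recommendation that follows it. The hunk now states that with `rsa_key.pem` an attacker "could be forged easily" into an admin-panel session and use it to delete users or remove 2FA, yet the next paragraph still only advises encrypting the key "if you're concerned that someone else might be able to access it". Since removing a user's 2FA is a direct step toward taking over that user's account, consider making the advice unconditional, e.g. "Treat `rsa_key.pem` as a secret: encrypt it whenever the backup leaves the host (cloud storage, removable media), and rotate it if you suspect a copy has leaked", and moving "this would only work if the admin panel is enabled" to the front of the sentence as its condition rather than a trailing parenthetical. Also, changing "Nevertheless" to "Overall" reads as softening the recommendation at exactly the point where the added text makes the key more sensitive; "Nevertheless" or "For these reasons" keeps the logical link to the preceding paragraph.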