Plugins Directory » Wiki Cipher

8657 Author: Luis Faria
Website: https://github.com/keeps/redmine_wikicipher
Code repository: https://github.com/keeps/redmine_wikicipher
Registered on: 2012-12-19 (almost 5 years ago)
Current version: 0.0.10
Compatible with: Redmine 2.5.x, 2.2.x, 1.4.x
User ratings:   (2)

Redmine plugin to encrypt parts of the Wiki so sensitive information, like passwords, are saved encrypted in the database and you have to click a button to see them on the interface, to keep them from prying eyes. Also, all previous versions (historic) will be encripted in the database and the redmine logs will be filtered.

This plugin was created to better adequate Redmine to ISO 27001 Information Security Standard requisites.

When you install this plugin a new locker button will appear on the toolbar of every wiki edit page. Just select the sensitive information and hit the button so it puts the {{cipher}} tags around it. Now this information will be encrypted on the database and kept from prying eyes. When viewing the wiki page, the sensitive information will be hidden by a "This text is ciphered" message". Also, when using cipher on a wiki page, all previous versions of that page will be encripted in the database and the redmine logs of the update action will be filtered out. Click the "decipher" button on the toolbar to show the sensitive information.

This plugin was created and liberated by KEEP SOLUTIONS, a Portuguese company that provides advanced services for managing and preserving digital information. Contact us if you need enterprise support.

Screenshots

Select sensitive information and click on the "locker" button.

Sensitive information will be surrounded by the {{cipher}} tag.

Save, and the information will be encripted on the database and hidden from prying eyes.

Click the "Decipher" button to decrypt the sensitive information and show it.

Installation notes

  1. Place the plugin into /path/to/redmine/vendor/plugins . The name of the plugin's directory/folder should be redmine_wikicipher.
  2. Change directory to /path/to/redmine/ .
  3. Update the "database_cipher_key" configuration located in /path/to/redmine/config/configuration.yml file with some random key (this key will be used to cipher/decipher the wiki content)
  4. For redmine v2.2.x, edit the application.rb file (/path/to/redmine/config/application.rb), adding “:text” to the filter parameters (config.filter_parameters += [:password, :text]).
  5. Restart redmine.

How to change the cipher key

The key used to encrypt is based on the "database_cipher_key" configuration in the /path/to/redmine/config/configuration.yml file.
To modify the key, update the /path/to/redmine/config/configuration.yml file, run the script /path/to/wikicipherplugin/bin/updatekey.rb, passing the old key and the new key as parameters and restart redmine.

How to remove the encryption

The key used to encrypt is based on the "database_cipher_key" configuration in the /path/to/redmine/config/configuration.yml file.
To modify the key, update the /path/to/redmine/config/configuration.yml file, setting the 'database_cipher_key' as empty , run the script /path/to/wikicipherplugin/bin/updatekey.rb, passing the old key as parameter and restart redmine.

Changelog

0.0.10 (2015-04-13)

Compatible with Redmine 2.5.x, 2.2.x, 1.4.x.

Wiki cipher only shows up in wiki context & properly escapes decoded text.

redmine_wikicipher-redmine-2_5_x.zip - wikicipher for redmine 2.5.x (30 KB) Luis Faria, 2015-04-13 17:44

redmine_wikicipher-redmine-2_2_x.zip - wikicipher for redmine 2.2.x (29.9 KB) Luis Faria, 2015-04-13 17:45

redmine_wikicipher-redmine-1_4_x.zip - wikicipher for redmine 1.4.x (29.9 KB) Luis Faria, 2015-04-13 17:45

0.0.3 (2013-01-29)

Compatible with Redmine 2.2.x, 1.4.x.

https://github.com/keeps/redmine_wikicipher/archive/v0.0.3.tar.gz

Changelog:
  • Added support to Redmine 2.2.x

0.0.2 (2012-12-19)

Compatible with Redmine 1.4.x.

https://github.com/keeps/redmine_wikicipher/archive/v0.0.2.tar.gz

User ratings

  by Zach La Celle over 2 years ago

Nice that the passwords are encrypted in the database, but one button click to view deciphered text. And, the text is automatically deciphered when "Edit" is pressed. Easier to steal a user login then hack the server and steal the database.

  by mark edwards over 3 years ago

Great - works on 2.5.1 but you need to use 0.0.9 and then add a one line fix into a rb file.

PROBLEM - we want to share the wiki with other users but - if they have wiki then they get the decipher button.
need to hide the button for all but author.