Show Credentials Page
Purpose
The "Show Credentials Page" component is designed to fetch, decrypt, and display credential data securely. It provides a user-friendly interface that allows users to view important information about a specific credential, including its ID, the version of the key used for encryption, creation and update timestamps, and the decrypted content of the credential.
How It Works
- Credential ID Retrieval: The component currently uses a hardcoded credential ID. In a production setting, this would typically be derived from user session data or URL parameters to ensure the correct credential is being accessed.
- Data Fetching: The component queries the database for a credential record matching the specified ID. The data retrieved includes:
  - Encrypted data
  - Initialization vector (IV)
  - Authentication tag
  - Key version
  - Timestamps for creation and last update
- Error Handling: If there is no record found for the specified ID, an error message is displayed to inform the user.
- Decryption: If a record is found, the component invokes the decrypt function to decrypt the credential data using the retrieved parameters.
- Display: The component then formats and displays the credential information, including the decrypted payload, in a readable format.
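The fetch, not-found, decrypt and display steps above, sketched as an added example that is not the component's own code. It assumes AES-256-GCM with hex-encoded fields (the page names neither), and the KEYS key ring, DB table, encrypt helper and showCredential function are hypothetical stand-ins.

```javascript
// Added example, not the component's own code. AES-256-GCM, hex encoding
// and the in-memory key ring and table below are assumptions.
const crypto = require('node:crypto');

// Constructed demo keys indexed by keyVersion; real keys belong in a KMS.
const KEYS = new Map([
  ['v1', crypto.createHash('sha256').update('constructed-demo-key-v1').digest()],
  ['v2', crypto.createHash('sha256').update('constructed-demo-key-v2').digest()],
]);

// Helper used only to build the constructed sample row.
function encrypt(plaintext, keyVersion) {
  const iv = crypto.randomBytes(12); // 96-bit IV, fresh for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', KEYS.get(keyVersion), iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    encryptedData: data.toString('hex'),
    iv: iv.toString('hex'),
    authTag: cipher.getAuthTag().toString('hex'),
    keyVersion,
  };
}

function decrypt({ encryptedData, iv, authTag, keyVersion }) {
  const key = KEYS.get(keyVersion);
  if (!key) throw new Error(`unknown key version: ${keyVersion}`);
  const tag = Buffer.from(authTag, 'hex');
  if (tag.length !== 16) throw new Error('unexpected auth tag length');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'hex'));
  decipher.setAuthTag(tag);
  const body = decipher.update(Buffer.from(encryptedData, 'hex'));
  // final() throws when ciphertext, IV, tag or key do not match.
  return Buffer.concat([body, decipher.final()]).toString('utf8');
}

// Constructed stand-in for the credentials table.
const DB = new Map([[123, { id: 123, ...encrypt('api-token-EXAMPLE', 'v2') }]]);

// Fetch and decrypt; return a display model so no crypto detail reaches the UI.
function showCredential(id) {
  const row = DB.get(id);
  if (!row) return { ok: false, error: 'Credential not found' };
  try {
    return { ok: true, id: row.id, keyVersion: row.keyVersion, payload: decrypt(row) };
  } catch {
    return { ok: false, error: 'Decryption failed' };
  }
}
```

A modified authTag, a keyVersion that points at a different key, and an unknown keyVersion all come back as the same generic failure, so the page never shows unauthenticated plaintext.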
Settings
The following are the specific details regarding settings, data, and expected inputs:
Credential ID
- Input Type: Integer (fixed as of current implementation)
- Description: This is the identifier for the credential record that the system will attempt to read from the database. Changing this value would lead to fetching different credential data.
- Default Value: 1 (currently hard-coded; should be replaced with dynamic input).
Encrypted Data
- Input Type: String
- Description: This represents the actual encrypted content of the credential. It is retrieved from the database and is necessary for decryption.
- Default Value: None (varies based on the stored credential).
Initialization Vector (IV)
- Input Type: String
- Description: The IV is used in conjunction with the encrypted data to enhance security during the decryption process. Changing the IV value would make the corresponding encrypted data irrecoverable.
- Default Value: None (varies based on the stored credential).
Authentication Tag
- Input Type: String
- Description: The authentication tag secures the integrity of the decrypted data and ensures that it has not been tampered with. Incorrect or changed tags render decryption impossible.
- Default Value: None (varies based on the stored credential).
Key Version
- Input Type: String
- Description: This indicates the version of the encryption key used to encrypt the data. This information is critical for managing key lifecycle and ensuring compatibility with the decryption process. Changing this value won't have a direct effect unless the corresponding encryption key is modified.
- Default Value: None (defined at runtime based on database).
Created At
- Input Type: Timestamp
- Description: A record of when the credential was initially created. This is useful for auditing purposes and determining the age of sensitive data.
- Default Value: None (varies based on the stored credential).
Updated At
- Input Type: Timestamp
- Description: A timestamp noting the last modification of the credential record. Important for tracking changes over time.
- Default Value: None (varies based on the stored credential).
Data Expectations
The component expects the presence of a credential record in the database. Specifically, it needs:
- A valid credential ID, which should map to a specific record in the credentials store.
- The related encrypted fields (encryptedData, iv, authTag, etc.) must be populated to ensure successful decryption.
Use Cases & Examples
Use Case 1: Access Control for API Keys
An organization managing numerous API integrations can use the Show Credentials Page to securely display API keys to authorized personnel only. This ensures that sensitive key data is only visible to users with the appropriate permissions.
Use Case 2: Auditing and Compliance
Compliance officers may need to periodically review the creation and updates of sensitive credentials. The Show Credentials Page provides them with quick access to critical timestamps, improving the auditing process.
Use Case 3: Security Incident Response
In the event of a security breach, security teams can utilize this page to quickly identify when a credential was created and last updated, helping them assess whether the credential was compromised.
Example Configuration
For instance, if a user needed to configure the component to fetch and display an API token stored with ID 123, they would replace the current hard-coded credential ID with:
const credentialId = 123; // Dynamic retrieval or parameterization is recommended.
Moreover, the credential record in the database could look like the following:
{
  "id": 123,
  "encryptedData": "b84e9...3c9f",
  "iv": "c11b...0e74",
  "authTag": "d7de...36dc",
  "keyVersion": "v2",
  "created": "2023-03-15T12:34:56Z",
  "updated": "2023-04-15T14:22:05Z"
}
This setup allows users to access real API credential information displayed clearly on the Show Credentials Page, facilitating secure information management in various organizational contexts.