Skip to content

Commit 1183701

Browse files
committed
docs(auth): scrub residual SSH handshake secret references
Sweep across docs, e2e scripts, the Podman driver README/NETWORKING notes, the RPM/Helm/setup guides, the gateway man page, and RFC 0003 to remove instructions and examples that still referenced OPENSHELL_SSH_HANDSHAKE_SECRET / --ssh-handshake-secret / ssh_handshake_skew_secs. The mechanism is gone; nothing should still suggest setting it. Negative-assertion regression tests are kept so the env var cannot silently be re-introduced.
1 parent 1df4404 commit 1183701

12 files changed

Lines changed: 23 additions & 53 deletions

File tree

CONTRIBUTING.md

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -152,10 +152,6 @@ cargo build -p openshell-prover --features bundled-z3
152152
# One-time trust
153153
mise trust
154154

155-
# Podman and Kubernetes drivers require an SSH handshake secret.
156-
# Set any value for local development:
157-
export OPENSHELL_SSH_HANDSHAKE_SECRET=dev-secret
158-
159155
# Run a standalone gateway for local development
160156
mise run gateway
161157
```

crates/openshell-driver-podman/NETWORKING.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -400,7 +400,7 @@ bind-mounted into sandbox containers by the Podman driver.
400400
| DNS | Kubernetes CoreDNS | Podman bridge DNS through aardvark-dns when DNS is enabled. |
401401
| Network policy | Kubernetes network policy for pod ingress plus supervisor policy | iptables inside inner sandbox netns plus supervisor policy. |
402402
| Supervisor delivery | Kubernetes driver managed pod image or template | OCI image volume mount. |
403-
| Secrets | Kubernetes Secret volume and env vars | Podman `secret_env` for handshake secret, plus mounted TLS files. |
403+
| Secrets | Kubernetes Secret volume and env vars | Mounted TLS client materials from a Podman secret. |
404404

405405
Both drivers use the same reverse gRPC relay for SSH transport. The most
406406
important Podman-specific difference is network reachability: in rootless

crates/openshell-driver-podman/README.md

Lines changed: 7 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -197,12 +197,13 @@ The standalone `openshell-driver-podman` binary sets the same struct field from
197197

198198
## Credential Injection
199199

200-
The SSH handshake secret is injected via Podman's `secret_env` API rather than
201-
a plaintext environment variable.
200+
Sandboxes authenticate to the gateway via mTLS using client materials bind-
201+
mounted into the container from a Podman secret. No shared per-request secret
202+
is injected as an environment variable.
202203

203204
| Credential | Mechanism | Visible in `inspect`? | Visible in `/proc/<pid>/environ`? |
204205
|---|---|---|---|
205-
| SSH handshake secret | Podman `secret_env`, created via secrets API and referenced by name | No | Yes, supervisor only, scrubbed from children |
206+
| mTLS client cert/key | Bind-mounted file paths (`OPENSHELL_TLS_*` env vars point at them) | Yes (paths only) | Yes (paths only) |
206207
| Sandbox identity | Plaintext env var | Yes | Yes |
207208
| gRPC endpoint | Plaintext env var, override-protected | Yes | Yes |
208209
| Supervisor relay socket path | Plaintext env var, override-protected | Yes | Yes |
@@ -250,8 +251,8 @@ sequenceDiagram
250251
```
251252

252253
Each step rolls back previously-created resources on failure. The Conflict path
253-
cleans up the volume and secret because they are keyed by the new sandbox's ID,
254-
not the conflicting container's ID.
254+
cleans up the volume because it is keyed by the new sandbox's ID, not the
255+
conflicting container's ID.
255256

256257
### Readiness and Health
257258

@@ -274,11 +275,9 @@ the socket without the old marker or published-port signal.
274275
4. Force-remove the container.
275276
5. Remove workspace volume derived from the request `sandbox_id`, warning on
276277
failure and continuing.
277-
6. Remove handshake secret derived from the request `sandbox_id`, warning on
278-
failure and continuing.
279278

280279
If the container is already gone during inspect or remove, the driver still
281-
performs idempotent volume and secret cleanup using the request `sandbox_id` and
280+
performs idempotent volume cleanup using the request `sandbox_id` and
282281
returns `Ok(false)` for the container-delete result. This prevents leaked
283282
Podman resources after out-of-band container removal or label drift.
284283

crates/openshell-driver-podman/src/driver.rs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -378,8 +378,8 @@ impl PodmanComputeDriver {
378378
.await;
379379

380380
// Remove container. If NotFound, the container was removed between
381-
// inspect and here (TOCTOU race); proceed with volume/secret cleanup
382-
// since those resources are idempotent to remove.
381+
// inspect and here (TOCTOU race); proceed with volume cleanup
382+
// since the workspace volume is idempotent to remove.
383383
let container_existed = match self.client.remove_container(&name).await {
384384
Ok(()) => true,
385385
Err(PodmanApiError::NotFound(_)) => false,

deploy/man/openshell-gateway.8.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -137,7 +137,7 @@ The unit runs two **ExecStartPre** scripts on first start:
137137

138138
1. **init-pki.sh** generates a self-signed PKI bundle for mTLS.
139139
2. **init-gateway-env.sh** generates the environment configuration
140-
file with an auto-generated SSH handshake secret.
140+
file.
141141

142142
Both scripts are idempotent and skip generation if their output files
143143
already exist.

deploy/rpm/QUICKSTART.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,6 @@ systemctl --user enable --now openshell-gateway
6363
On first start, the gateway automatically generates:
6464

6565
- A self-signed PKI bundle (CA, server cert, client cert) for mTLS
66-
- An SSH handshake secret for sandbox authentication
6766
- A commented configuration file at `~/.config/openshell/gateway.env`
6867

6968
> **Note:** The gateway binds to all interfaces (`0.0.0.0`) by default.

docs/kubernetes/setup.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ helm upgrade --install openshell \
7777
--namespace openshell
7878
```
7979

80-
The chart automatically generates PKI secrets and an SSH handshake secret on first install using pre-install Helm hooks. No manual secret creation is required.
80+
The chart automatically generates PKI secrets on first install using pre-install Helm hooks. No manual secret creation is required.
8181

8282
## Wait for the gateway to be ready
8383

e2e/python/test_sandbox_providers.py

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -276,20 +276,6 @@ def wait_for_token(sb: Sandbox, expected: str) -> None:
276276
# ===========================================================================
277277

278278

279-
def test_ssh_handshake_secret_not_visible_in_exec_environment(
280-
sandbox: Callable[..., Sandbox],
281-
) -> None:
282-
def read_handshake_secret() -> str:
283-
import os
284-
285-
return os.environ.get("OPENSHELL_SSH_HANDSHAKE_SECRET", "NOT_SET")
286-
287-
with sandbox(delete_on_exit=True) as sb:
288-
result = sb.exec_python(read_handshake_secret)
289-
assert result.exit_code == 0, result.stderr
290-
assert result.stdout.strip() == "NOT_SET"
291-
292-
293279
def test_create_sandbox_rejects_unknown_provider(
294280
sandbox_client: SandboxClient,
295281
) -> None:

e2e/rust/e2e-vm.sh

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -158,8 +158,6 @@ trap cleanup EXIT
158158

159159
# ── Launch the gateway + VM driver ───────────────────────────────────
160160

161-
SSH_HANDSHAKE_SECRET="$(openssl rand -hex 32)"
162-
163161
echo "==> Starting openshell-gateway on 127.0.0.1:${HOST_PORT} (state: ${RUN_STATE_DIR})"
164162

165163
# Pin --driver-dir to the workspace `target/debug/` so we always pick up
@@ -182,7 +180,6 @@ echo "==> Starting openshell-gateway on 127.0.0.1:${HOST_PORT} (state: ${RUN_STA
182180
--db-url 'sqlite::memory:' \
183181
--port "${HOST_PORT}" \
184182
--grpc-endpoint "http://host.containers.internal:${HOST_PORT}" \
185-
--ssh-handshake-secret "${SSH_HANDSHAKE_SECRET}" \
186183
--driver-dir "${ROOT}/target/debug" \
187184
--vm-driver-state-dir "${RUN_STATE_DIR}" \
188185
>"${GATEWAY_LOG}" 2>&1 &

e2e/with-podman-gateway.sh

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -316,7 +316,6 @@ HEALTH_PORT=$(e2e_pick_port)
316316
STATE_DIR="${WORKDIR}/state"
317317
mkdir -p "${STATE_DIR}"
318318

319-
HANDSHAKE_SECRET="e2e-podman-$(python3 -c 'import secrets; print(secrets.token_hex(16))')"
320319
E2E_NAMESPACE="e2e-podman-$$-${HOST_PORT}"
321320
PODMAN_NETWORK_NAME="${E2E_NAMESPACE}"
322321
ensure_e2e_podman_network "${PODMAN_NETWORK_NAME}"
@@ -348,7 +347,6 @@ e2e_export_gateway_restart_metadata \
348347
"${GATEWAY_LOG}" \
349348
"${GATEWAY_PID_FILE}"
350349

351-
OPENSHELL_SSH_HANDSHAKE_SECRET="${HANDSHAKE_SECRET}" \
352350
OPENSHELL_SUPERVISOR_IMAGE="${SUPERVISOR_IMAGE}" \
353351
OPENSHELL_NETWORK_NAME="${PODMAN_NETWORK_NAME}" \
354352
"${GATEWAY_BIN}" "${GATEWAY_ARGS[@]}" >"${GATEWAY_LOG}" 2>&1 &

0 commit comments

Comments
 (0)