Skip to content

Decrypt Protected Settings in VMSnapshot Extension for FIPS 140-3 AES256 support and backward compatibility for DES_EDE3_CBC encryption#2122

Merged
deveshjagwani merged 4 commits intomasterfrom
dev/dejagwan/fips140
Mar 13, 2026
Merged

Decrypt Protected Settings in VMSnapshot Extension for FIPS 140-3 AES256 support and backward compatibility for DES_EDE3_CBC encryption#2122
deveshjagwani merged 4 commits intomasterfrom
dev/dejagwan/fips140

Conversation

@deveshjagwani
Copy link
Copy Markdown
Contributor

@deveshjagwani deveshjagwani commented Nov 3, 2025

FedRamp requirement security task: 34614091

@deveshjagwani deveshjagwani changed the title Decrypt protected settings with FIPS 140-3 AES256 support and backward compatibility for DES_EDE3_CBC encryption Decrypt Protected Settings in VMSnapshot Extension for FIPS 140-3 AES256 support and backward compatibility for DES_EDE3_CBC encryption Nov 3, 2025
ppusuluri-ms
ppusuluri-ms reviewed Nov 3, 2025
View reviewed changes
Comment thread VMBackup/main/Utils/HandlerUtil.py
ppusuluri-ms
ppusuluri-ms requested changes Nov 3, 2025
View reviewed changes
Comment thread VMBackup/main/Utils/HandlerUtil.py
arisettisanjana
arisettisanjana reviewed Mar 10, 2026
View reviewed changes
Comment thread VMBackup/main/Utils/HandlerUtil.py
arisettisanjana
arisettisanjana reviewed Mar 10, 2026
View reviewed changes
Comment thread VMBackup/main/Utils/HandlerUtil.py
Fix sensitive data logging in _decrypt_protected_settings and _parse_…
4e40f48 
…config

- Suppress waagent internal logging of decryption commands (chk_err=False, log_cmd=False)
- Log only exception type name instead of full message in CMS/SMIME except blocks
- Remove raw settings content from JSON error messages
- Move 'Config decoded correctly' log inside try block so it only logs on success
@arisettisanjana
Copy link
Copy Markdown
Contributor

arisettisanjana commented Mar 12, 2026

guest side path is validated right?

@deveshjagwani deveshjagwani merged commit 41f38fb into master Mar 13, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arisettisanjana arisettisanjana arisettisanjana approved these changes

@ppusuluri-ms ppusuluri-ms ppusuluri-ms approved these changes

@vityagi vityagi Awaiting requested review from vityagi

@mearvind mearvind Awaiting requested review from mearvind

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@deveshjagwani @arisettisanjana @ppusuluri-ms