Current implementation of statedump will prompt a user for password for each end entity separately during the import, unless the --end-entity-password option is used.
Although this does provide quite a bit of flexibility (separate passwords for separate end entities), it makes it a bit cumbersome when there is more than a couple of end entities present in the statedump.
It would be nice if there was an option to toggle between providing a single password (used for all end entities), and providing a separate password for each single end entity.
There is even some benefits in making one-password-for-all end entities behaviour the default one (currently we mostly use the --end-entity-password).
The reason I'm asking for this feature instead of using the --end-entity-password option is in order to avoid leaking the password to other processes, and also being able to type-in the password interactively during the key ceremony without need to disconnect the monitor (so the password would not get leaked).
Some desirable characteristics for password-entry process:
- Figure out at the beginning of statedump if there are any end entities available in statedump, and if so present password prompt before proceeding with import.
- Password must be provided twice, in succession (i.e. enter/repeat password prompt), in order to avoid user mistypes.
Technically, if we had something like
ECA-3918, we could probably completely do away with providing password at this stage, maybe generating completely random passwords instead during import and not caring about them.