-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: do not store clear api keys in internal storage #2555
Conversation
1d0cea9
to
c9cb2b8
Compare
c41e4bf
to
f17c37f
Compare
…it kuzzle on port 7512
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Kuzzle need to log a big WARNING message when it uses a seed that is stored in ES to informa that it's ok on dev environements, but NEVER on production environement
I'll pass it to draft to let time to @rolljee to do manuals test to try finding side effects |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just tested on a local environment with already created API Keys by deleting the doc containing seed and pass it have env variable. Worked like a charm
Co-authored-by: Ricky <[email protected]>
Co-authored-by: Florian Maunier <[email protected]>
Quality Gate passedIssues Measures |
🎉 This PR is included in version 2.34.0-beta.1 🎉 The release is available on: Your semantic-release bot 📦🚀 |
🎉 This PR is included in version 2.34.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
KUZSUPPORT-68
Goals:
_persistSecret
method to use a_initSecret
that will load secret at backend startTokenRepository
init
method to detect seed changes and invalidate all tokensexpired
if token is invalid && expired (not fully sure it is possible but hey, costs nothing)authToken
config support becausejwt
is deprecated butauthToken
is not usable_getSecret
wich is not necessary anymore.ENV
review point of interest :