NOTE: This is a draft and is not finalized yet. We'll have to polish it until we all agree on the approach.
Only give API keys the necessary permissions.
Read
Write
Read/Write
User-defined limits for certain actions (ex: "An API key limited to only upload one file")
This could be used to implement a temporary pre-signed URL/API key for serverless uploads
User requests to upload a file from the frontend -> frontend receives a temporary API key from Estuary -> frontend uses the temporary API key to directly upload the file to Estuary
This is cool! Right now it's easy to make a new API key with a short time expiration date. Could we augment that to also limit the number of times a key can be used? If we can that should allow us to make one time keys. It doesn't necessarily let us make keys with a singular use though. I think we can also add in for a key specific endpoints or verbs (get vs post) that we want to allow. I like this idea overall a lot! I believe we want to change auth in the near future to use MetaMask-type logins but I can't think of any future plans that this proposal conflicts with.
This is good. We can create an ACL and permission rules and define the rules using Echo middleware to detect the user permissions. We can define functions for each permission and we can write the logic for each permission and ID them so we can assign multiple permission rules per user.
I imagine we will have the following permission types.
readOnlyPerm
writeOnlyPerm
readWritePerm
uploadOnlyPerm
oneTimeUseTempKeyPerm
tempKeyGeneratorPerm
uploadFromSignedPerm
yourCustomFuncWithYourLimitLogicPerm
and the API key table will have a permission column with an array of permissions.
When a user wants to upload, Estuary sends a new API key for the user with an "upload one file only" permission. The API key is passed from the frontend, and the file is uploaded directly to Estuary.
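The per-key permission list and use limit discussed in this thread, sketched as an added example that is not part of the original issue or Estuary's code. The names `APIKey`, `Store` and `Authorize` are hypothetical, an in-memory map stands in for the API key table, and the permission array is held as a set; a middleware would call `Authorize` before the handler runs.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

type APIKey struct { // hypothetical key-table row: permission set plus limits
	Perms    map[string]bool
	Expiry   time.Time
	UsesLeft int // -1 = unlimited, otherwise remaining uses
}

var ErrInvalid = errors.New("unknown or expired key")
var ErrDenied = errors.New("permission not granted")
var ErrSpent = errors.New("use limit reached")

type Store struct { // in-memory stand-in for the API key table
	mu   sync.Mutex
	keys map[string]*APIKey
}

// Authorize checks expiry and permission, then consumes one use under the
// lock so two concurrent requests cannot both spend a one-time key.
func (s *Store) Authorize(token, need string, now time.Time) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	k, ok := s.keys[token]
	switch {
	case !ok || !now.Before(k.Expiry):
		return ErrInvalid
	case !k.Perms[need]:
		return ErrDenied // a denied request does not burn a use
	case k.UsesLeft == 0:
		return ErrSpent
	case k.UsesLeft > 0:
		k.UsesLeft--
	}
	return nil
}

func main() {
	s := &Store{keys: map[string]*APIKey{"tmp-123": { // constructed sample key
		Perms: map[string]bool{"uploadOnlyPerm": true}, Expiry: time.Now().Add(time.Minute), UsesLeft: 1}}}
	for _, p := range []string{"readOnlyPerm", "uploadOnlyPerm", "uploadOnlyPerm"} {
		fmt.Println(p, s.Authorize("tmp-123", p, time.Now()))
	}
}
```

With a database-backed table, the same check-and-decrement has to be a single atomic update rather than a read followed by a write.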
Idea/Proposal: Build permissions for Api Keys and Pre signed upload urls.