David Zhang
David Zhang7mo ago

Recommended pattern for managing resource permissions

Is there a recommended pattern for, say, having a database resource, which is used by scripts. The scripts themselves are in a folder which gives View access to operators. Is there a way to give the operators access to run the scripts against the database resource, without giving them the ability to view the database resource secrets?
7 Replies
David Zhang
David Zhang7mo ago
It seems like operators who only have view access to a secret can still decrypt the secret by toggling whether it's a secret or not
No description
No description
David Zhang
David Zhang7mo ago
@windmill not sure if this is a bug or intended behavior? Here's a demo video showing the full behavior https://www.loom.com/share/b57d1f70ca294c8eb5474ef0f7c70c50?sid=682fc3ed-621b-4e02-a857-f31816c2a9fb
Loom
Reproduction of Secret Access Issue
In this Loom, I demonstrate a reproduction of a secret access issue in Community Edition 1.299.1. I show how a user with only read access to a secret is able to load secret values, which is not intended behavior. This video provides important data and highlights a potential security vulnerability. Please watch the video to understand the issue a...
rubenf
rubenf7mo ago
Indeed, will fix. Thanks!
David Zhang
David Zhang7mo ago
This seems like a potentially high impact vulnerability, was this shipped to enterprise customers or cloud customers as well? Also could you keep me in the loop so I can upgrade once the fix goes out? Thanks!
rubenf
rubenf7mo ago
It's fixed. Yes it's part of every edition. It would still create an audit log so it's tracable but it's indeed a high impact item.
David Zhang
David Zhang7mo ago
Which tags/versions will this fix go out to?
rubenf
rubenf7mo ago
The next one, which should be available today, either 1.303.4 or 1.304.0 @David Zhang releasing 1.303.4, will be ready in 15mins. Thanks for the report!