Recommended pattern for managing resource permissions

Is there a recommended pattern for, say, having a database resource, which is used by scripts.
The scripts themselves are in a folder which gives View access to operators.
Is there a way to give the operators access to run the scripts against the database resource, without giving them the ability to view the database resource secrets?

David ZhangOP•4/5/24, 6:54 AM

It seems like operators who only have view access to a secret can still decrypt the secret by toggling whether it's a secret or not

David ZhangOP•4/5/24, 6:55 AM

@windmill not sure if this is a bug or intended behavior? Here's a demo video showing the full behavior
https://www.loom.com/share/b57d1f70ca294c8eb5474ef0f7c70c50?sid=682fc3ed-621b-4e02-a857-f31816c2a9fb

Loom

Reproduction of Secret Access Issue

In this Loom, I demonstrate a reproduction of a secret access issue in Community Edition 1.299.1. I show how a user with only read access to a secret is able to load secret values, which is not intended behavior. This video provides important data and highlights a potential security vulnerability. Please watch the video to understand the issue a...

rubenf•4/5/24, 6:57 AM

Indeed, will fix. Thanks!

David ZhangOP•4/5/24, 7:02 AM

This seems like a potentially high impact vulnerability, was this shipped to enterprise customers or cloud customers as well?
Also could you keep me in the loop so I can upgrade once the fix goes out?
Thanks!

rubenf•4/5/24, 7:06 AM

It's fixed. Yes it's part of every edition. It would still create an audit log so it's tracable but it's indeed a high impact item.

David ZhangOP•4/5/24, 7:07 AM

Which tags/versions will this fix go out to?

rubenf•4/5/24, 7:09 AM

The next one, which should be available today, either 1.303.4 or 1.304.0

rubenf•4/5/24, 7:59 AM

@David Zhang releasing 1.303.4, will be ready in 15mins. Thanks for the report!