Recommended pattern for managing resource permissions
Is there a recommended pattern for, say, having a database resource, which is used by scripts.
The scripts themselves are in a folder which gives View access to operators.
Is there a way to give the operators access to run the scripts against the database resource, without giving them the ability to view the database resource secrets?
7 Replies
It seems like operators who only have view access to a secret can still decrypt the secret by toggling whether it's a secret or not
@windmill not sure if this is a bug or intended behavior? Here's a demo video showing the full behavior
https://www.loom.com/share/b57d1f70ca294c8eb5474ef0f7c70c50?sid=682fc3ed-621b-4e02-a857-f31816c2a9fb
Loom
Reproduction of Secret Access Issue
In this Loom, I demonstrate a reproduction of a secret access issue in Community Edition 1.299.1. I show how a user with only read access to a secret is able to load secret values, which is not intended behavior. This video provides important data and highlights a potential security vulnerability. Please watch the video to understand the issue a...
Indeed, will fix. Thanks!
This seems like a potentially high impact vulnerability, was this shipped to enterprise customers or cloud customers as well?
Also could you keep me in the loop so I can upgrade once the fix goes out?
Thanks!
It's fixed. Yes it's part of every edition. It would still create an audit log so it's tracable but it's indeed a high impact item.
Which tags/versions will this fix go out to?
The next one, which should be available today, either 1.303.4 or 1.304.0
@David Zhang releasing 1.303.4, will be ready in 15mins. Thanks for the report!