BarbaPulpe

@dansup
Do we actually need the ability to edit S3 keys? This is a very rare task and multiplying the key storage to several locations does not seem good for security, to enable a task which does not require to be done from the UI in my opinion.

2
Share
Share on Mastodon
Share on Twitter
Share on Facebook
Share on Linkedin
๐ŸŒˆ BarbaPulpe ๐Ÿ˜‡

@dansup
Even the S3 portal UI will only show you the secret once (on creation of the API key). Compromising that key leaves all your files open to leakage or deletion, so I'm very cautious in storing it in a redis cache unencrypted.

1
9mo
dansup

@barbapulpe I'll leave that up to each admin to decide, you will have the ability to disable this entirely if you choose and just use ENV vars

1
9mo
Replies