Is this your first time deploying Airbyte: Yes
OS Version / Instance: Ubuntu 21.4 VM
Airbyte Version: 0.29.17-alpha
Currently the way Airbyte’s entry of credentials is handled is through the UI. Secrets are masked when viewing credentials but they can be downloaded from the UI. The UI has no access controls so anyone with access to the cluster could access the UI.
Is there a way to disable the UI or make it read-only so potential customers with access to the UI can't use it to download config?
09/15/2021, 2:52 PM
@Dejan Antonic actually they can’t be downloaded from the UI if they are marked as secret in the spec. The fact of displaying the mask doesn’t mean that we are actually receiving secrets on the UI.
09/15/2021, 3:09 PM
Dejan are you talking about workspace exports?
09/15/2021, 3:11 PM
@s yes, that would be the case exactly. My use case, for example, is such that I use client_id and client_secret as well as refresh_token when defining a Salesforce source, and then when I export the configuration, I can see those keys in plain text within the exported files.
09/15/2021, 3:18 PM
At the moment we don’t have permissioning in Airbyte OSS, only in Airbyte Cloud. If that’s not a solution you’d like to use, one workaround can be to enforce access controls via firewall access, i.e., put Airbyte behind a load balancer and only allow yourself access to the workspace export routes.
09/15/2021, 4:03 PM
@abhi this is something we need to add in our docs 😃
09/15/2021, 6:17 PM
Thanks guys, this may be enough to move us forward.