https://linen.dev logo
d

Dejan Antonic

09/15/2021, 2:29 PM
Is this your first time deploying Airbyte: Yes OS Version / Instance: Ubuntu 21.4 VM Deployment: Kubernetes Airbyte Version: 0.29.17-alpha Hi team, Currently the way Airbyte’s entry of credentials is handled is through the UI. Secrets are masked when viewing credentials but they can be downloaded from the UI. The UI has no access controls so anyone with access to the cluster could access the UI. Is there a way to disable UI or make it read only so potential customers with access to UI can't use it to download config?
u

user

09/15/2021, 2:52 PM
@Dejan Antonic actually they can’t be downloaded from UI if they are marked as secret in spec. The fact of displaying the mask doesn’t mean that we are actually receiving secrets on UI.
u

user

09/15/2021, 3:09 PM
Dejan are you talking about workspace exports?
u

user

09/15/2021, 3:11 PM
@s yes that would be the case exactly, my use case for example is such that I use client_id and client_secret as well as refresh_token when defining a Salesforce source and then when I export configuration, I can see those keys in plain text within exported files
u

user

09/15/2021, 3:18 PM
At the moment we don’t have permissioning in airbyte OSS, only in airbyte cloud. If that’s not a solution you’d like to use, one workaround can be to enforce access controls via firewall access i.e: put airbyte behind a load balancer and only allow yourself access to the workspace export routes
u

user

09/15/2021, 4:03 PM
@abhi this is something we need to add in our docs 😃
d

Dejan Antonic

09/15/2021, 6:17 PM
Thanks guys, this may be enough to move us forward