Global, shared secrets on the server level #431

New Issue

Open

opened 2023-03-06 13:55:45 +00:00 by decentral1se · 1 comment

decentral1se commented 2023-03-06 13:55:45 +00:00

Owner

Copy Link

You configure app A at foo_com and app B at bar_com. Then both need a shared secret. You generate and insert both with abra app foo_com secret insert ... and abra app bar_com secret insert ... but what if we could share a common secret across the two apps? It's already possible, you can reference a shared_smtp_secret_v1 between both apps if you reference this in your configuration by name. We could have a abra servers secret ... interface for creating these? Unsure. Also, not sure how we can reference these shared secrets when there are already secrets referenced in existing configuration that are not shared. You might already have a ${STACK_NAME}_smtp_pass_${SMTP_PASS_VERSION} in a recipe config? I think those were the thoughts! /cc @moritz

You configure app A at `foo_com` and app B at `bar_com`. Then both need a shared secret. You generate and insert both with `abra app foo_com secret insert ...` and `abra app bar_com secret insert ...` but what if we could share a common secret across the two apps? It's already possible, you can reference a `shared_smtp_secret_v1` between both apps if you reference this in your configuration by name. We could have a `abra servers secret ...` interface for creating these? Unsure. Also, not sure how we can reference these shared secrets when there are already secrets referenced in existing configuration that are not shared. You might already have a `${STACK_NAME}_smtp_pass_${SMTP_PASS_VERSION}` in a recipe config? I think those were the thoughts! /cc @moritz

decentral1se added the

enhancement

label 2023-03-06 13:55:45 +00:00

decentral1se commented 2023-03-24 08:38:14 +00:00

Author

Owner

Copy Link

@3wordchant and myself ran into another group (WASHNote) needing this. They have to deploy several instances of the same app and need a shared client secret for SSO. Would greatly simplify the deployment if we can get a convention going for this technique.

@3wordchant and myself ran into another group (WASHNote) needing this. They have to deploy several instances of the same app and need a shared client secret for SSO. Would greatly simplify the deployment if we can get a convention going for this technique.

decentral1se added the

documentation

label 2024-03-27 06:39:31 +00:00

decentral1se added this to the Documentation project 2025-04-20 06:04:31 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

No results found.

No results found.

Labels

Clear labels

abra

Everything to do with abra

abra-gandi

Abra Gandi plugin

awaiting-feedback

Ping/pong on comms

backups

bug

Something is not working

build

Go build related issues

ci/cd

Getting the robots into the mix

community organising

Opening this thing up

contributing

Contributors stuff

coopcloud.tech

Our main website

democracy

Democratic decision making

design

Design thinking required

documentation

Let's write things together

duplicate

This issue or pull request already exists

enhancement

New feature

finance

Money things

funding

Anything related to grant funding

good first issue

Easy start with development

help wanted

Need some help

installer

Installation related issues

kadabra

performance

Performance related

proposal

Large change which requires feedback & decisin making

question

More information is needed

recipes.coopcloud.tech

Our recipes catalogue

security

Securing our shit

test

Unit or integration test suite

wontfix

This won't be fixed

No Label

documentation

enhancement

Milestone

No items

No Milestone

Projects

Clear projects

No project Documentation

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: toolshed/organising#431

No description provided.