Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-62866

user authentication using vault servers for json secret files 0 security

    XMLWordPrintable

Details

    • Untriaged
    • Linux x86_64
    • 0
    • Unknown
    • Critical

    Description

      curl -kg -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/rcp/secret/data/$CLUSTERNAME/$APPPATH/dep_cdb_login.json
      {"request_id":"a2d8cxxxx-xx7b-af0x-x6x8-225xxx435x63","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":

      {"COUCHBASE_BUCKET_NAME":"xxxxxxxxx","COUCHBASE_USER_NAME":"xxxxxxxxx","am_password":"admin123","am_username":"admin","bucket_password":"xxxxx123"}

      ,"metadata":{"created_time":"2023-02-24T13:06:59.224195015Z","custom_metadata":null,"deletion_time":"","destroyed":false,"version":5}},"wrap_info":null,"warnings":null,"auth":null}

      due to security reason we are not sharing exact info so we masked the content.

      using this token app users are trying to access the couchbase GUI without reaching DBA, we are warring documents are mutated with app or is some user logged in and modified using Couchbase GUI. 

      we need a option the user which is used for only application purpose which should not  login in GUI until admin enable the UI access. we need role for UI access also. please enable it. if it is not enabled during of user creation that user only can access db using cli or api.
      or if we can add roles for cli/reat api/ui all there is very nice in up coming user RBAC. 

      Attachments

        Activity

          People

            Abhijeeth.Nuthan Abhijeeth Nuthan
            kanamani92 naveen karanam
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              PagerDuty