Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set token header variable at env.SWWF_RESKEY #1929

Open
5 tasks
Tracked by #1922
humansinstitute opened this issue Nov 11, 2024 · 3 comments
Open
5 tasks
Tracked by #1922

Set token header variable at env.SWWF_RESKEY #1929

humansinstitute opened this issue Nov 11, 2024 · 3 comments
Assignees
@elraphty

Comments

@humansinstitute
Copy link
Contributor

humansinstitute commented Nov 11, 2024
edited
Loading

Context

  • Problem: The current system lacks a secure method to authenticate requests to the workflow endpoints, which could lead to unauthorized access and potential data breaches.
  • Need: To enhance security, it is necessary to set an environment variable for the token header that will be used for authenticating requests to the endpoints.
  • Fit: This change is part of a larger effort to implement secure and efficient workflow plumbing for Stakwork's common workflow system.
  • Background: This ticket is a prerequisite for implementing endpoint authentication, which will ensure that only requests with the correct token header are processed.

This is related to a broader project defined here:
For context see: #1922

System Schematic:
image

Design

  • Objective: Set an environment variable SWWF_RESKEY that will store the token used for authenticating requests to the workflow endpoints.
  1. confirm env variable for SWWF_RESKEY with Pete via Sphinx V2
  2. Update .env on staging prod
  3. Ensure that the value of SWWF_RESKEY is securely stored and accessed only by authorized components of the application.
  4. Update the application configuration to read the SWWF_RESKEY from the environment and use it in the request authentication process.
# Example .env file entry
SWWF_RESKEY=your_secure_token_here

Assignment Criteria

  • Required Knowledge/Skills: Familiarity with environment variable management, secure token handling, and basic authentication mechanisms.
  • Communication Channels: Ensure you are live on Sphinx V2 for any queries or discussions.

Acceptance Criteria

  • The SWWF_RESKEY environment variable is set in the appropriate configuration file or system.
  • The application can successfully read the SWWF_RESKEY from the environment.
  • The token is securely stored and not exposed in logs or error messages.
  • Documentation is updated to reflect the new environment variable and its purpose.
  • Test cases are created to verify that the token is correctly read and used in the authentication process.
@humansinstitute humansinstitute mentioned this issue Nov 11, 2024
Open
7 tasks
@Shoaibdev7
Copy link
Contributor

@humansinstitute could you assign me?

@saithsab877
Copy link
Contributor

@humansinstitute Please assign me?

@MahtabBukhari
Copy link
Contributor

@humansinstitute Could you please assign me?

@humansinstitute humansinstitute mentioned this issue Nov 11, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elraphty elraphty

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@elraphty @humansinstitute @MahtabBukhari @saithsab877 @Shoaibdev7