Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Now that we support RegKeys, we should remove the user/password flags on nexd #1628

Open
chirino opened this issue Nov 10, 2023 · 2 comments
Open

Now that we support RegKeys, we should remove the user/password flags on nexd #1628

chirino opened this issue Nov 10, 2023 · 2 comments
Labels
apiserver Controller / API Server enhancement New feature or request nexd Nexodus agent

Comments

@chirino
Copy link
Member

chirino commented Nov 10, 2023

Describe the Problem Statement

To reduce the risk of user credentials being exfiltrated from a device, we should not allow them to be used to start a device. Only RegKeys or interactive OAuth device flows should be allowed to register a Device. Ideally, after registration, the device should only use the per device bearer tokens to auth the apiserver so that nexd does not need the RegKey or the user's Oauth token anymore and they can be removed from the device.

Describe the Enhancement

No response

Alternate Solutions

No response

Additional context

No response
@chirino chirino added enhancement New feature or request needs-triaging Issue/Enhancement needs assignment labels Nov 10, 2023
@github-project-automation github-project-automation bot moved this to 🆕 New in Nexodus Board Nov 10, 2023
@russellb
Copy link
Member

The one case where I would miss the user/pass support is in the development environment. It is really nice to be able to spin up test devices with a single command.

@chirino
Copy link
Member Author

chirino commented Nov 11, 2023

Maybe we could auto create a well known RegKey in dev environments.
That way you can still do single command registrations.

chirino added a commit to chirino/nexodus that referenced this issue Nov 12, 2023
@chirino
precursor for nexodus-io#1628: auto create a reg-key for the admin us…
d3bc560 
…er when the the apiserver is started in developer mode.

* update the nexd container messages to use reg-keys to start nexd.

Signed-off-by: Hiram Chirino <[email protected]>
chirino added a commit to chirino/nexodus that referenced this issue Nov 12, 2023
@chirino
precursor for nexodus-io#1628: auto create a reg-key for the admin us…
870ce0d 
…er when the the apiserver is started in developer mode.

* update the nexd container messages to use reg-keys to start nexd.

Signed-off-by: Hiram Chirino <[email protected]>
chirino added a commit to chirino/nexodus that referenced this issue Nov 13, 2023
@chirino
precursor for nexodus-io#1628: auto create a reg-key for the admin us…
45e8ab5 
…er when the the apiserver is started in developer mode.

* update the nexd container messages to use reg-keys to start nexd.

Signed-off-by: Hiram Chirino <[email protected]>
chirino added a commit to chirino/nexodus that referenced this issue Nov 14, 2023
@chirino
precursor for nexodus-io#1628: auto create a reg-key for the admin us…
9c899f7 
…er when the the apiserver is started in developer mode.

* update the nexd container messages to use reg-keys to start nexd.
* change the RegKey prefix from `RT:` to `RK:`

Signed-off-by: Hiram Chirino <[email protected]>
chirino added a commit to chirino/nexodus that referenced this issue Nov 14, 2023
@chirino
precursor for nexodus-io#1628: auto create a reg-key for the admin us…
d9e225e 
…er when the the apiserver is started in developer mode.

* update the nexd container messages to use reg-keys to start nexd.
* change the RegKey prefix from `RT:` to `RK:`

Signed-off-by: Hiram Chirino <[email protected]>
mergify bot added a commit that referenced this issue Nov 14, 2023
@mergify
Merge pull request #1642 from chirino/create-admin-reg-key
06b115d 
precursor for #1628: auto create a reg-key for the admin user ...
@russellb russellb added nexd Nexodus agent apiserver Controller / API Server and removed needs-triaging Issue/Enhancement needs assignment labels Nov 15, 2023
@russellb russellb moved this from 🆕 New to 📋 Backlog in Nexodus Board Nov 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
apiserver Controller / API Server enhancement New feature or request nexd Nexodus agent
Projects
Nexodus Board
Status: 📋 Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chirino @russellb