Add Secret Access Rules
Registered by Dave McCowan
There are a variety of use cases where it would be useful to limit access to secrets based on variables beyond RBAC.
Some examples:
- Rate based: access to a secret is allowed once per day or once per week.
- Count based: a secret may only be accessed one time.
- Time based: a secret may only be accessed during business hours.
Implementation of this blueprint would include:
- Add an API to create, edit, list, and delete rules
- Add an API to apply, remove, and list rules associated with a secret
It would be useful to allow users to combine rules through OR or AND boolean operations.
The APIs should be designed to be extensible to cover rules based on a variety of factors.
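The three rule types and their AND/OR combination, as an added Python example (not code from this blueprint or the project). Every class, method and constant name is hypothetical, and timestamps are assumed to be naive datetimes in the policy's local time zone.

```python
# Added illustration; every name below is hypothetical, not a project API.
import threading
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass(frozen=True)
class CountRule:            # count based: at most max_reads granted reads, ever
    max_reads: int
    def allows(self, now, history):
        return len(history) < self.max_reads

@dataclass(frozen=True)
class RateRule:             # rate based: at most max_reads per sliding period
    max_reads: int
    period: timedelta
    def allows(self, now, history):
        return sum(1 for t in history if now - t < self.period) < self.max_reads

@dataclass(frozen=True)
class TimeWindowRule:       # time based: weekdays (Mon=0) between start and end
    start: time
    end: time
    weekdays: frozenset = frozenset(range(5))
    def allows(self, now, history):
        return now.weekday() in self.weekdays and self.start <= now.time() < self.end

@dataclass(frozen=True)
class AllOf:                # AND; an empty rule list denies (fail closed)
    rules: tuple
    def allows(self, now, history):
        return bool(self.rules) and all(r.allows(now, history) for r in self.rules)

@dataclass(frozen=True)
class AnyOf:                # OR; an empty rule list denies
    rules: tuple
    def allows(self, now, history):
        return any(r.allows(now, history) for r in self.rules)

class GuardedSecret:
    """Pairs one rule tree with the history of granted reads for a secret."""
    def __init__(self, rule):
        self.rule, self.history, self._lock = rule, [], threading.Lock()

    def try_read(self, now: datetime) -> bool:
        # Check and record under one lock so two concurrent requests cannot
        # both pass a count or rate rule; denied attempts are not recorded.
        with self._lock:
            if not self.rule.allows(now, self.history):
                return False
            self.history.append(now)
            return True

# Constructed sample policy: business hours AND at most one read per day.
ONCE_PER_BUSINESS_DAY = AllOf((TimeWindowRule(time(9), time(17)),
                               RateRule(1, timedelta(days=1))))
```

Because a new rule type only needs an `allows(now, history)` method, rules based on other factors slot into the same `AllOf`/`AnyOf` tree without changing the evaluator.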
Blueprint information
- Status: Not started
- Approver: None
- Priority: Undefined
- Drafter: Dave McCowan
- Direction: Needs approval
- Assignee: None
- Definition: New
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by
- Completed by