Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
stop auto-generating auth tokens (#3670)
Today we try to make the networks secure by default by auto-generating an auth token if the user does not provide one. There has been a long discussion about this that you can find [here](https://github.com/bacalhau-project/expanso-planning/issues/518). The summary is:

1. Adds complexity to user onboarding as they will have to go through the logs or console output to figure out and copy the auto-generated token
2. We are printing the generated auth token in plain text in the console
3. I prefer to decouple auto-auth from launching NATS as our transport layer
4. While better than making the network open, token-based auth is not secure enough and we don't want to give the impression to the users that their networks are secure by default. Reasons include:
    1. Token-based auth doesn't encrypt traffic in transit
    2. We are using a global token and don't identify or authorize the compute nodes differently
    3. No easy way to rotate or expire the token
5. We are planning to add more auth options in the future that are more secure than global tokens, and this shouldn't be the default for our users

This PR enables users to run open networks which will simplify testing out bacalhau, and they will need to provide their auth token to secure their networks instead of us doing magic on their behalf and generating a random one for them.

In the future it might make more sense to fail the network from starting if not secure instead of doing some magic.
Showing 17 changed files with 84 additions and 164 deletions.