API/Access management request

I need some way to allow an external program to update a single secret, but currently the granularity is only at the config level, not the individual secret level.

The reason is that I have a build system that must update the secret store with the current release tag, but that would mean placing a curl command into the build process with a lot of people being able to see the authentication string and so gaining access to all the secrets in the config.

I can currently work around the issue by just having a defined Workplace/Project/Environment with many configs, each with a single secret and so an issued R/W Service Token for each secret, but I consider that an abuse of the platform even if I manage to stay under your limits/radar. Or if you consider such a configuration (within limits) valid, please just let me know.

Hi @rit001,

Unfortunately, there’s no way to limit access at that granular a level right now. Probably your best option is what you described. Move the subset of secrets you need the build system to update into a separate config and issue a service token specifically for that config. You can then use secret referencing to have those values in any of the other configs for the project. Doing something like this is definitely not considered abuse, so feel free to do so!

Let me know if you have any additional questions surrounding this!

Thanks,
-Joel