Idea

cool-daniel suggested Jan 27, '18

Secret key permission management

It would be usefull if you could set permissions for each secret key to limit its usage on specific categories like Player Data Management or Account management within the admin or server api while denying access to other categories of the api. This would enable admins to give out secret keys without exposing all functionality (like for example only letting a secret key call the GetPlayerProfile while not working for BanUsers)

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

larissa commented · Feb 12, 2018 at 06:46 PM

Agreed! :)

One addition to this: It would also be useful, to be able to limit it to executing certain cloudscript handlers

1 ·

Brent Batas (Lisk) commented · Jan 27, 2018 at 05:16 PM

Agreed, this is a good idea.

0 ·

david-marcelis commented Feb 19, '18

Want to upvote this issue. The idea of having the Server Key have access to the Admin API is scary. This means if a server or matchmaker was compromised, it gives permissions to change builds or worse.

Just a separation between Server Key, Matchmaker Key, and Admin Key would already greatly reduce the potential impact.

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Idea

Secret key permission management

1 Comment

Write a Comment

Navigation

Spaces

Your Opinion Counts

IDEA DETAILS

Related Ideas