Redesign plugin configuration to work with --plugin-secret
While working on #7 (live demo) I realized that the suggested mechanism for keeping password hashes private - the --plugin-secret mechanism - doesn't actually work - because that mechanism only works for secrets at the root of the plugin configuration, not secrets that are nested further down.
This is a huge problem. Even hashed passwords should not be exposed as visible in metadata.json.
So I need a better solution to hiding them - a solution which is probably going to involve changes to Datasette core.
One possibility: make /-/metadata itself subject to a permission check, then document how to forbid access to it.
Potential short-term fix: redesign the datasette-auth-passwords plugin configuration to allow for passwords to be set at the root level of the config, e.g. as "user1_password_hash": "..."
OK, that's how I'm going to do this. New configuration format design:
{
    "plugins": {
        "datasette-auth-passwords": {
            "actors": {
                "user1": {
                    "id": "user1",
                    "name": "Your name"
                }
            },
            "user1_password_hash": {
                "$env": "HASH_1"
            }
        }
    }
}
The "actors" bit will be optional - without it each actor will default to just {"id": "your_username"}.
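A pre-deploy check for the problem described in this issue, as an added example that is not code from Datasette or datasette-auth-passwords: it walks the "plugins" block of a parsed metadata.json and reports secret references that sit below the root of a plugin's configuration, plus password hashes written as literal strings. It assumes, as the issue states, that only root-level references are kept private; the function names, the nested "accounts" layout and the placeholder hash are constructed for illustration.

```python
SECRET_WRAPPERS = {"$env", "$file"}  # keys Datasette uses for secret references


def _is_wrapper(value):
    # A secret reference looks like {"$env": "NAME"} or {"$file": "/path"}.
    return isinstance(value, dict) and len(value) == 1 and set(value) <= SECRET_WRAPPERS


def _walk(plugin, node, path, findings):
    for key, value in node.items():
        here = path + (key,)
        if _is_wrapper(value):
            # Per the issue, only root-level references are handled.
            if len(here) > 1:
                findings.append((plugin, ".".join(here), "nested secret reference"))
        elif isinstance(value, dict):
            _walk(plugin, value, here, findings)
        elif isinstance(value, str) and key.endswith("password_hash"):
            # A literal hash would be served as-is from /-/metadata.
            findings.append((plugin, ".".join(here), "literal hash"))


def audit_plugin_config(metadata):
    """Return (plugin, dotted_path, problem) tuples for a parsed metadata dict."""
    findings = []
    for plugin, config in metadata.get("plugins", {}).items():
        if isinstance(config, dict):
            _walk(plugin, config, (), findings)
    return findings


# Constructed sample inputs (not taken from any real deployment).
PLUGIN = "datasette-auth-passwords"
NEW_FORMAT = {"plugins": {PLUGIN: {
    "actors": {"user1": {"id": "user1", "name": "Your name"}},
    "user1_password_hash": {"$env": "HASH_1"},
}}}
NESTED_FORMAT = {"plugins": {PLUGIN: {  # hypothetical nested layout
    "accounts": {"user1": {"password_hash": {"$env": "HASH_1"}}},
}}}
LITERAL_FORMAT = {"plugins": {PLUGIN: {
    "user1_password_hash": "<constructed-placeholder-hash>",
}}}

if __name__ == "__main__":
    for name, doc in [("new", NEW_FORMAT), ("nested", NESTED_FORMAT), ("literal", LITERAL_FORMAT)]:
        print(name, audit_plugin_config(doc))
```
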