simonw/datasette-auth-passwords

Redesign plugin configuration to work with --plugin-secret

Closed this issue · 5 comments

While working on #7 (live demo) I realized that the suggested mechanism for keeping password hashes private - the --plugin-secret mechanism - doesn't actually work - because that mechanism only works for secrets at the root of the plugin configuration, not secrets that are nested further down.

This is a huge problem. Even hashed passwords should not be exposed as visible in metadata.json.

So I need a better solution to hiding them - a solution which is probably going to involve changes to Datasette core.

One possibility: make /-/metadata itself subject to a permission check, then document how to forbid access to it.

Potential short-term fix: redesign the datasette-auth-passwords plugin configuration to allow for passwords to be set at the root level of the config, e.g. as "user1_password_hash": "..."

OK, that's how I'm going to do this. New configuration format design:

{
    "plugins": {
        "datasette-auth-passwords": {
            "actors": {
                "user1": {
                    "id": "user1",
                    "name": "Your name"
                }
            },
            "user1_password_hash": {
                "$env": "HASH_1"
            }
        }
    }
}

This is really just a stop-gap measure until SQL configuration is available in #6.

The "actors" bit will be optional - without it each actor will default to just {"id": "your_username"}
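
Added example (not the plugin's own code, and not from the issue author): one way to read the configuration format proposed above, with the optional "actors" default, plus a check for hashes stored inline rather than behind `$env`. The names `load_accounts`, `inline_hashes` and `resolve_secret`, the `user2`/`user3` entries and the `HASH_2` variable are hypothetical, and `$env` is resolved by hand here against a supplied mapping.

```python
import json

SUFFIX = "_password_hash"

# Constructed sample config in the format proposed above (not real hashes).
SAMPLE_METADATA = json.loads("""
{"plugins": {"datasette-auth-passwords": {
    "actors": {"user1": {"id": "user1", "name": "Your name"}},
    "user1_password_hash": {"$env": "HASH_1"},
    "user2_password_hash": {"$env": "HASH_2"},
    "user3_password_hash": "constructed-inline-hash"
}}}
""")


def _hash_entries(metadata):
    """Yield (username, raw_value) for every root-level *_password_hash key."""
    config = metadata["plugins"]["datasette-auth-passwords"]
    for key, value in config.items():
        if key.endswith(SUFFIX) and key != SUFFIX:
            yield key[: -len(SUFFIX)], value


def resolve_secret(value, environ):
    """Resolve a {"$env": NAME} reference; literal strings pass through."""
    if isinstance(value, dict) and set(value) == {"$env"}:
        return environ[value["$env"]]  # KeyError if the variable is unset
    if isinstance(value, str):
        return value
    raise ValueError("password hash must be a string or {'$env': NAME}")


def load_accounts(metadata, environ):
    """Return {username: {"hash": ..., "actor": ...}}."""
    actors = metadata["plugins"]["datasette-auth-passwords"].get("actors") or {}
    return {
        username: {
            "hash": resolve_secret(value, environ),
            # "actors" is optional: default to just {"id": username}
            "actor": actors.get(username, {"id": username}),
        }
        for username, value in _hash_entries(metadata)
    }


def inline_hashes(metadata):
    """Usernames whose hash is written literally in the config file."""
    return sorted(u for u, v in _hash_entries(metadata) if isinstance(v, str))
```
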