Open rkg-mm opened 1 year ago
I agree these improvements are welcome/needed, but probably should be moved to https://github.com/stevespringett/Alpine ?
If this is part of the alpine framework, then yes :D
Alpine doesn't automatically create API keys for teams, it's parametrized: https://github.com/stevespringett/Alpine/blob/master/alpine-infra/src/main/java/alpine/persistence/AlpineQueryManager.java#L559
Dependency-Track invokes the inherited AlpineQueryManager#createTeam method with the "true" parameter which generates the API key: https://github.com/DependencyTrack/dependency-track/blob/master/src/main/java/org/dependencytrack/resources/v1/TeamResource.java#L135
The simplest fix would be changing true to false.
@mprencipe That sounds like a sensible thing to do. Do you fancy raising a PR for this?
@rkg-mm:

> - It shall be able to generate API keys by admins, ideally with an additional comment or name, to document the purpose

Comments to document the purpose are coming in v4.11, as per https://github.com/DependencyTrack/frontend/pull/768.

> - (Ideally) Creation Date and Last usage date should be shown next to the API key for the admin to be able to clear up

Timestamps to track creation and "last used" timestamps are coming in v4.11, as per https://github.com/DependencyTrack/frontend/pull/768.
This was shipped in v4.9.
Sure, I can raise a PR.
Current Behavior
Each team gets an API key automatically. All API keys are visible for admins in the web interface (therefore must be stored somewhere in plaintext or only encrypted to be revertable).
Proposed Behavior
Checklist
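One way to avoid the plaintext storage described under Current Behavior while keeping the comment, creation date and last-used date discussed in the thread. This is an added example, not Alpine or Dependency-Track code: the class, its fields and the in-memory map are hypothetical, and it assumes keys are created only on an explicit admin request.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class HashedApiKeyStore { // hypothetical; not Alpine or Dependency-Track code
    static final class Entry { // metadata only, no secret material
        final String prefix, comment; final Instant created = Instant.now(); Instant lastUsed;
        Entry(String prefix, String comment) { this.prefix = prefix; this.comment = comment; }
    }
    private final Map<String, Entry> byDigest = new HashMap<>(); // SHA-256 digest -> metadata
    private final SecureRandom random = new SecureRandom();

    static String digest(String key) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(key.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
    }

    // Explicit creation: the plaintext is returned once and only its digest is kept.
    public String create(String comment) {
        byte[] raw = new byte[32]; // 256 random bits, so a fast unsalted hash is sufficient
        random.nextBytes(raw);
        String key = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byDigest.put(digest(key), new Entry(key.substring(0, 5), comment));
        return key;
    }

    // Look the presented key up by digest and record the last-used time on success.
    public boolean authenticate(String presented) {
        Entry e = byDigest.get(digest(presented));
        if (e != null) e.lastUsed = Instant.now();
        return e != null;
    }

    public static void main(String[] args) {
        HashedApiKeyStore store = new HashedApiKeyStore();
        String key = store.create("CI pipeline upload"); // shown to the admin once
        System.out.println(store.authenticate(key) + " " + store.authenticate(key + "x"));
        store.byDigest.forEach((d, e) -> System.out.println(e.prefix + "... " + e.comment + " " + e.created + " " + e.lastUsed));
    }
}
```

With this layout an admin listing can show the prefix, comment and timestamps, but a lost key has to be replaced rather than looked up.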