Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com

[ENG-95] Add support for IP allowlisting per Project and Environment #986

Open ali-master opened 10 months ago

ali-master commented 10 months ago

Feature description

We have some microservices and about 15 backend engineers who work on them. We have no .env file in the project, except for the Infisical AccessToken used to fetch their private ENVs, which is written in a .env.local file that is ignored in Git. Our microservices' ENVs are (their AccessToken is stored in Kubernetes' SecureKey Manager):

Why would it be useful?

If we were able to restrict access to the Project's ENVs by IP, we would have more security, and human errors in this process would also be reduced, due to the lack of the necessary IP-based access to the Infisical environment fetcher.

From SyncLinear.com | ENG-95

ali-master commented 10 months ago

If you agree to implement this feature, I would like to cooperate and help with its implementation.

dangtony98 commented 10 months ago

Hi @ali-master,

With the current implementation that's being revised, the IP allowlisting feature restricts access to a project to a select set of IP addresses and/or CIDR range(s).

Is my understanding correct that you'd like to restrict access at a more granular level down to specific environments and not just project-wide?

I'm currently revising a related mechanism that may involve improvements to IP allowlisting as well such that you will be able to restrict usage of service tokens to specific IPs; these tokens can be scoped to specific environments and paths within them, thus achieving IP restrictions at even the path level.

This may be relevant. That said, I'd love to hop on a call to discuss how you envision this feature playing out; would you mind joining the community Slack here and pinging me — Tony (Infisical)?
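To make the access model discussed in this thread concrete (a project-wide allowlist of IPs and/or CIDR ranges, plus the finer per-environment and per-token restriction the reporter is asking for), here is an added worked example of how such a check can be evaluated. This is illustrative code written for this page, not Infisical's implementation; the `Project`, `Environment`, `ServiceToken` and `is_request_allowed` names, the sample `payments` project and all sample addresses are constructed for the example.

```python
"""Added example (not Infisical's code): IP allowlisting evaluated at the
project, environment and service-token level.

Design choice: every level that has an allowlist configured must match
(logical AND). An empty allowlist at a level means "no restriction at this
level", so a narrower environment list can never widen the project list.
"""
import ipaddress
from dataclasses import dataclass, field


def parse_allowlist(entries):
    """Turn strings like '10.0.0.5' or '10.0.0.0/24' into network objects.
    A bare address becomes a /32 (or /128) network so single IPs and CIDR
    ranges are handled uniformly; strict=False tolerates host bits in a CIDR."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


@dataclass
class Environment:
    name: str
    allowlist: list = field(default_factory=list)  # [] = no extra restriction


@dataclass
class Project:
    name: str
    allowlist: list                   # project-wide IPs / CIDRs
    environments: dict                # env name -> Environment


@dataclass
class ServiceToken:
    project: str                      # project the token is scoped to
    environment: str                  # environment the token is scoped to
    allowlist: list = field(default_factory=list)  # optional per-token pin


def _normalise(client_ip):
    """Parse the client address and fold IPv4-mapped IPv6 (::ffff:a.b.c.d)
    back to plain IPv4 so that an IPv4 rule still applies to dual-stack
    listeners. The address passed in must come from the accepted socket or
    a proxy header the server explicitly trusts, never from an arbitrary
    X-Forwarded-For value."""
    ip = ipaddress.ip_address(client_ip)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def is_request_allowed(project, token, client_ip):
    """Return (allowed, reason). The token must be scoped to this project and
    to an existing environment; then the project, environment and token
    allowlists are each checked if configured."""
    if token.project != project.name:
        return False, "token not scoped to this project"
    env = project.environments.get(token.environment)
    if env is None:
        return False, "token environment does not exist in project"
    ip = _normalise(client_ip)
    levels = (
        ("project", project.allowlist),
        ("environment", env.allowlist),
        ("token", token.allowlist),
    )
    for level, entries in levels:
        if entries and not any(ip in net for net in parse_allowlist(entries)):
            return False, f"{ip} not in {level} allowlist"
    return True, "allowed"


def sample_project():
    """Constructed sample: 'prod' is pinned to a /16 inside the project's /8,
    'dev' inherits only the project-wide rule."""
    return Project(
        name="payments",
        allowlist=["10.0.0.0/8"],
        environments={
            "prod": Environment("prod", ["10.20.0.0/16"]),
            "dev": Environment("dev"),
        },
    )


if __name__ == "__main__":
    proj = sample_project()
    for tok, ip in [
        (ServiceToken("payments", "prod"), "10.20.1.7"),        # allowed
        (ServiceToken("payments", "prod"), "10.30.1.7"),        # blocked by env
        (ServiceToken("payments", "dev"), "10.30.1.7"),         # allowed
        (ServiceToken("payments", "dev"), "192.168.1.1"),       # blocked by project
        (ServiceToken("payments", "prod"), "::ffff:10.20.1.7"), # allowed (mapped v4)
        (ServiceToken("billing", "prod"), "10.20.1.7"),         # wrong project
    ]:
        print(tok.project, tok.environment, ip, "->", is_request_allowed(proj, tok, ip))
```

The AND semantics matter for the scenario in this issue: a project-wide range keeps the whole team inside the corporate network, while the `prod` environment can be narrowed to the subnet where the production fetcher actually runs, and a single token can be pinned further still, which is the path-level restriction the maintainer describes. Logging the `reason` string on denial gives a useful detection signal for tokens being used from an unexpected network.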