Is your feature request related to a problem? Please describe.
As stated in the README of this project "the PagerDuty plugin requires the /pagerduty proxy endpoint be exposed by the Backstage backend as an unprotected endpoint". This raises some security concerns as it leaves the PagerDuty API open to anyone with access to Backstage, without the need to provide any credentials.
Describe the solution you'd like
Backstage documentation recommends using a backend plugin to mitigate this issue. See here
"Anyone with access to your Backstage deployment will be able to make requests to the upstream service using the injected credentials. It is recommended that you instead create a backend plugin that forwards individual requests to the upstream service in a secure way"
This page documents the process of developing backend plugins
Describe alternatives you've considered
A likely easier alternative, but still not as safe, would be to log each request to the PagerDuty API with the user ID of the requester. This would at least give us a place to start to investigate any potential security incidents.
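A sketch of the two ideas in this request, added here as an illustration and not taken from the issue author, the PagerDuty plugin or Backstage: a backend-side check that forwards only individual allow-listed requests, and an audit record carrying the requester's user ID for every decision. The allow-list entries, the `decide` and `auditLine` names, and the assumption that `userId` is filled in by the backend after it has verified the caller are all hypothetical.

```typescript
// Added example; every name here is hypothetical, not Backstage or plugin code.
type ProxyRequest = { method: string; path: string; userId?: string };
type AuditEntry = { userId: string; method: string; path: string; allowed: boolean; reason: string };
type Decision = { status: number; forward: boolean; upstreamHeaders?: Record<string, string>; audit: AuditEntry };

// Assumed allow-list: the only upstream calls this sketch considers necessary.
const ALLOWED: Array<{ method: string; pattern: RegExp }> = [
  { method: "GET", pattern: /^\/services\/[A-Z0-9]+$/ },
  { method: "GET", pattern: /^\/incidents$/ },
  { method: "GET", pattern: /^\/oncalls$/ },
];

// Decide whether one request may be forwarded with the server-side credential.
// userId is assumed to be set by the backend only after it verified the caller.
function decide(req: ProxyRequest, apiToken: string): Decision {
  const method = req.method.toUpperCase();
  const path = req.path.replace(/\?.*$/, ""); // match on the path, not the query
  const entry = (allowed: boolean, reason: string): AuditEntry =>
    ({ userId: req.userId || "anonymous", method, path: req.path, allowed, reason });

  if (!req.userId) {
    return { status: 401, forward: false, audit: entry(false, "unauthenticated") };
  }
  // Refuse traversal, encoded bytes and empty segments instead of normalising them.
  if (/\.\.|%|\/\//.test(path)) {
    return { status: 400, forward: false, audit: entry(false, "suspicious path") };
  }
  if (!ALLOWED.some(r => r.method === method && r.pattern.test(path))) {
    return { status: 403, forward: false, audit: entry(false, "not on allow-list") };
  }
  // The credential is attached only for allow-listed calls and never returned to the client.
  return {
    status: 200, forward: true,
    upstreamHeaders: { Authorization: `Token token=${apiToken}` },
    audit: entry(true, "allow-listed"),
  };
}

// One JSON line per decision, denied ones included, for later investigation.
function auditLine(a: AuditEntry): string {
  return JSON.stringify(a);
}
```

Logging denied requests as well as forwarded ones is what makes the audit trail useful as a starting point for an investigation.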