Closed nicholaspcr closed 1 year ago
I don't think this is a good idea. I can see why this info is needed in the notification but I'm concerned about potential future bugs leading to privacy breaches. See https://github.com/TheThingsIndustries/lorawan-stack/issues/3384
Alternative idea presented during the last TTS meeting was instead of adding who created the API key to the email it should be stored on IS and presented in the console.
This item will be a part of broader audit logging. I'll take it up then.
Summary
The email template for API_KEY creation informs about the creation of said key but it does not provide who is the entity responsible for its creation, leaving the email which should provide context to admins without an important information.
Current Situation
What is described on the summary, emails don't inform who is creating the api_key.
Why do we need this? Who uses it, and when?
So that the email can provide a more detailed information regarding api_key creations.
Proposed Implementation
Requirements:
AuthInfoResponse.GetEntityIdentifiers()
into theapi_key_create
template.api_key_change
template as well.Contributing
Code of Conduct