nitram509
commented
9 months ago Hi,
the Zeebe Simple Monitor did start as a simple tool for developers and so never had the need for security. I understand that there are many installations out there in production environments, which is totally fine. That said, adding security is not that high on the prio list, since there are very simple ways of securing already possible, like e.g. using a Kubernetes Sidecar with an OAuth flow and e.g. Github as an identity provider. (Just google for general examples).
That said, I would be fine with optional features - which in terms of security mostly depend on the implementation.
Since you implemented the feature already, please feel free to open a PR and comment your ideas and solution approach. Also, I you're aware of e.g. restrictions of your patch, please state them, so we can have a fruitful conversation.
PS: if your patch is still work in progress, feel free to open a "draft pr".
Motivation: In the current landscape of enterprise applications, security is of paramount importance. With the rising popularity of Zeebe Simple Monitor, we believe it is imperative to enhance the platform's security features by integrating with Keycloak, an open-source Identity and Access Management solution.
Community Impact: Adding Keycloak authentication will make Zeebe Simple Monitor more appealing to a wider audience, particularly users with projects that require strict security requirements. It will enhance the project's reputation, attract more contributors, and solidify its position as a secure and reliable tool for monitoring Zeebe instances.
Feature description: The application will have secured access through Keycloak, ensuring that only authenticated users can access and view it. The ability to enable or disable this feature will be added and will be set based on the user's preference and specific use case.
I have this feature ready in my fork and it will be a matter of just patching it here. But before opening a PR I would like to discuss it with the maintainers as stated in your contribution guide.