iterative / studio-support

❓ DVC Studio Issues, Question, and Discussions
https://studio.iterative.ai

Share credentials #68

Closed dberenbaum closed 1 year ago

dberenbaum commented 1 year ago

This is an idea from discussions with @omesser and @daavoo. If I have a DVC remote with sensitive credentials, it would be nice to have Studio expose some secure way for me to share these with my team. When they want to start developing on my DVC repo, they can do git clone followed by something like dvc studio init, which could take them to retrieve the Studio token, save that in .dvc/config.local for any Studio interactions, and use that to automatically save their remote credentials in .dvc/config.local (assuming that I have already saved those credentials in Studio).

mvshmakov commented 1 year ago

There are whole services that have a standalone product from this idea, e.g., https://github.com/TaptuIT/awesome-devsecops#secrets-management.

On a large scale, users will probably want to stick to the tool which allows them to manage secrets/env variables more broadly than just the credentials stored in the Studio. In addition, it adds some security concerns that we'll need to take care of.

Does it maybe make sense to instead integrate with some tools that already exist, or suggest some ready sharing flows for the users in the documentation?

dberenbaum commented 1 year ago

Closing in favor of https://github.com/iterative/studio/issues/5177, which I think accomplishes the same goals, and is likely more secure than actually exposing credentials to other users.