Closed dberenbaum closed 1 year ago
There are whole services that have a standalone product from this idea, e.g., https://github.com/TaptuIT/awesome-devsecops#secrets-management.
On the large scale users will probably want to stick to the tool which allows them to manage secrets/env variables more broadly than just the credentials stored in the Studio. In addition, it adds some security concerns that we'll need to take care of.
Does it maybe make sense to instead integrate with some tools that already exist, or suggest some ready sharing flows for the users in the documentation?
Closing in favor of https://github.com/iterative/studio/issues/5177, which I think accomplishes the same goals, and is likely more secure than actually exposing credentials to other users.
This is an idea from discussions with @omesser and @daavoo. If I have a DVC remote with sensitive credentials, it would be nice to have Studio expose some secure way for me to share these with my team. When they want to start developing on my DVC repo, they can do
git clone
followed by something likedvc studio init
, which could take them to retrieve the Studio token, save that in.dvc/config.local
for any Studio interactions, and use that to automatically save their remote credentials in.dvc/config.local
(assuming that I have already saved those credentials in Studio).