rockstor / rockstor-core

Linux/BTRFS based Network Attached Storage(NAS)
http://rockstor.com/docs/contribute_section.html
GNU General Public License v3.0

Surface auto-generated access key secrets prior to save #2763

Open phillxnet opened 8 months ago

phillxnet commented 8 months ago

Since "Update django-oauth-toolkit #2710" #2727 we can no longer retrieve the raw secret we auto-generate when adding a new Access Key, rendering this capability unusable. To re-enable this facility, it is proposed that we add the ability to present within the Web-UI, just prior to save, the proposed secret, with the ability to enter/edit it.

Currently, during entry, we have: [screenshot: add-access-key-dialog]

where the associated access key ID & secret are auto-generated.

However, given django-oauth-toolkit's change of stance re its storage & retrieval of this key, we must now manage these secrets ourselves. In the special case of our internal cliapp app we now alternatively manage the secret via the OS-provided pass: see:

Adopt dedicated secrets management library #2728 #2758

And ongoing issue: Replication secret encrypted in Web-UI #2759

But for external/custom Access Key additions we could simply present the proposed new Access Key secret (with enter/edit option) along with a warning indicating that its retrieval will thereafter no longer be possible. This is more in line with modern practice and informs the user that they are responsible for recording the generated/edited/entered secret, so that it might be transferred to the relevant external application, while henceforth no longer being accessible from the Rockstor instance.
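The show-once flow proposed above, as an added example in Python (not Rockstor's or django-oauth-toolkit's code; the function and class names, the minimum secret length and the PBKDF2 parameters are assumptions): the dialog pre-fills a generated id and secret, the user may edit the secret, and on save only a salted hash is kept, which is why retrieval is impossible afterwards while verification by the external application still works.

```python
# Added example (not Rockstor code): "show once, then keep only a hash".
import hashlib
import hmac
import secrets

MIN_SECRET_LEN = 32        # assumed policy for user-entered/edited secrets
PBKDF2_ITERATIONS = 100_000  # assumed; raise for production hosts


def propose_access_key() -> dict:
    """Values the add dialog would pre-fill; both are editable before save."""
    return {
        "client_id": secrets.token_urlsafe(24),
        "client_secret": secrets.token_urlsafe(48),
    }


class AccessKeyStore:
    """Holds only (salt, hash) per client_id; the raw secret is never stored."""

    def __init__(self) -> None:
        self._records: dict[str, tuple[bytes, bytes]] = {}

    @staticmethod
    def _digest(secret: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)

    def save(self, client_id: str, secret: str) -> None:
        """Called once the user confirms the displayed (or edited) secret."""
        if len(secret) < MIN_SECRET_LEN:
            raise ValueError(f"secret must be at least {MIN_SECRET_LEN} characters")
        if client_id in self._records:
            raise ValueError("client_id already exists")
        salt = secrets.token_bytes(16)
        self._records[client_id] = (salt, self._digest(secret, salt))
        # After this point nothing in the store can reproduce `secret`.

    def verify(self, client_id: str, presented: str) -> bool:
        """Constant-time check of a secret presented by the external application."""
        record = self._records.get(client_id)
        if record is None:
            # Spend the same cost for unknown ids so timing does not reveal existence.
            self._digest(presented, b"\x00" * 16)
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._digest(presented, salt))
```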

phillxnet commented 8 months ago

The relevant UI template for this issue is as follows:

src/rockstor/storageadmin/static/storageadmin/js/templates/access_keys/add_access_key.jst

Given the sensitivity of this mechanism, and its likely rather niche use, it may make for a good first htmx conversion.