-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🚀 Feature: Auto Endpoint and API Key variables #4902
Comments
Regarding endpoint, we could put containers on shared network with proper firewall config and allow Regarding API Keys, that's a bit more tricky. A solution I can see is to allow selecting scopes in functions settings, just like you can select scopes when creating API key. With both of these in place, an example code in Appwrite Function could potentially look like this: const sdk = require("node-appwrite");
module.exports = async function (req, res) {
const client = new sdk.Client();
const users = new sdk.Users(client);
res.json({
users: await users.list(),
});
};
|
@Meldiron thats exactly what I was thinking about. |
@Meldiron any updates? Do you need help? |
@Meldiron, one thing to keep in mind about this is HTTPS. If |
Well if its internal networking @stnguyen90 that wouldnt be a problem I think. The container would use the internal IP and not the public IP or domain I think. At least thats what got from @Meldiron |
@DEADSEC-SECURITY, I was pointing out about HTTPS vs HTTP rather than the IP/hostname. |
Any news on this feature request? |
🔖 Feature description
In docs if we want to use services we have to manually set APPWRITE_FUNCTION_ENDPOINT and APPWRITE_FUNCTION_API_KEY (possibly even more but those are the main ones).
My question is if these are basically required why not just have appwrite auto set them? Or at least have the option in settings so they are set automatically.
Following the same logic for API key we could even have auto rotation of keys by doing some settings in the function and it would add the env variables auto and every n time would refresh for security.
I think this was clear but let me know what you guys think
🎤 Pitch
Well these env variables are basically used 99% of the time so to prevent human errors would be cool to have them auto setted or at least have the option to do so.
Also with the injection of api key env we could later on have auto key rotation which would be a big security improvement in my opinion.
👀 Have you spent some time to check if this issue has been raised before?
🏢 Have you read the Code of Conduct?
The text was updated successfully, but these errors were encountered: