App Secret should not be visible in DSS settings >> Connections >> Azure Blob Storage connection

Options
gdekruijf
gdekruijf Registered Posts: 2 ✭✭✭✭

In my opinion a visible app secret makes this app registration vulnerable to being used anonymously by anyone who is a admin in Dataiku (and untrusted friends). This field should be saved once, show never. As such, the app secret can only be used from within Dataiku, making any call to the Blob Storage auditable.

Can this be changed in a future release?

Answers

  • MickaelH
    MickaelH Dataiker, Registered Posts: 31 Dataiker
    Options

    Hi,

    Sorry for the late response. Thanks for pointing that out. Your request has been added to the backlog and will tackled in a future release.

    Regards,

Setup Info
    Tags
      Help me…