This website uses cookies. By clicking OK, you consent to the use of cookies. Read our cookie policy.
Accept
Reject
Community

[Vulnerability] Visible github token

thomaslprru
Level 2
‎04-20-2023 11:19 AM
[Vulnerability] Visible github token

Hi, 

I just observed that the Dataiku interface keeps the GitHub token visible when cloning plugin from remote repository (see below). 

ApplicationFrameHost_Ci14rOWL5Y.png

 

 

For security purposes, is it possible to hide it as it already exists when setting up the remote branch in plugin development mode (see below).

chrome_RfO5wr1XkN.png

 

Thanks in advance,

Thomas

Operating system used: Windows

0 Kudos
Reply
3 Replies
AlexT
Dataiker
‎04-20-2023 11:55 AM

Hi @thomaslprru ,

It would better if can open support so we can better track this question.

You don't have to use the credentials/token in the remote origin URL directly. You should use SSH Keys or cached https credentials instead. Various options are detailed here:


https://stackoverflow.com/questions/46645843/where-to-store-my-git-personal-access-token

https://stackoverflow.com/questions/10054318/how-do-i-provide-a-username-and-password-when-running-g...

Thanks

Reply
tgb417
Neuron
Neuron
‎04-20-2023 02:18 PM

@thomaslprru 

Once you figure out what you think the best approach is for this.  I'd love to hear what you conclude the best approach would be.

--Tom
Reply
thomaslprru
Level 2
Author
‎06-12-2023 10:30 AM

Hi,

 

Thanks for the answers. I decided to use https credentials cache because it was the easiest method to implement. 

 

Reply

Setup info

?
A banner prompting to get Dataiku
Didn't Find What You Needed?

Post a Question

Help me …
… ask a question … search for an answer … learn to use the Community