threat-dragon
Support storage backends other than GitHub
Describe what problem your feature request solves
Instead of using GitHub repositories for storage of threat models, I'd like to store them all in an alternative centralized storage mechanism (I have a strong affinity to AWS, so S3 would be my preference).
Describe the solution you'd like
Introduce a storage mechanism configuration and support options like which cloud provider (aws, azure, google) and any relevant configuration options for each one (for AWS, this would probably just be bucket name and region). Of course, this introduces a new dependency on IAM credentials for the service, which I'd say is an exercise left to the reader (I'd personally launch threat-dragon as a containerized workload in AWS and attach an IAM role, but others assumedly would want to set AWS_ACCESS_KEY_ID etc.).
Certainly sounds good to me - are you able to contribute time for this @danielpops (no harm in asking I hope)?
@jgadsden honestly probably not in the very near future :) I'm definitely not up to speed yet on the overall codebase / design to propose a design for this, though I am very interested in the functionality.
Implementation should be very similar to #1 so I will progress a PR. Highlighting now so you can shut this down if you don't want it.
Intent is:
- New auth provider as 'AWS', which triggers the AWS OIDC - https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sso-oidc/
- Once auth'd as AWS create a new repository and use the S3 client - https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/s3/
May need to 'default' the branch screen to show a generic branch equivalent, possibly use S3 versioning.
Excellent that you can work on this @steve-winter, thanks for taking this one on as well. I am sure the community would find this useful, so it is still well worth implementing this.