console icon indicating copy to clipboard operation
console copied to clipboard

Published 20 hours ago verified publisher icon phasehq

Print the name of the service token in application access logs

Open nimish-ks opened this issue 1 year ago • 3 comments

Is your feature request related to a problem?

image

Currently all service tokens are displayed as 🔑 Service token which makes it hard to trace access.

Describe the solution you'd like

image

  1. Print the name of the actual service used to access secrets in the logs
  2. Provide a link to similar to View this secret to view the service token.

Describe alternatives you've considered

Additional context

nimish-ks avatar Nov 14 '23 08:11 nimish-ks

Hi @nimish-ks I would like to work on this

Dhoni77 avatar Nov 14 '23 12:11 Dhoni77

@Dhoni77 All yours! Feel free to reach out to us on slack if you need any help / additional context -- https://slack.phase.dev

nimish-ks avatar Nov 14 '23 13:11 nimish-ks

@Dhoni77 Here's some more context on implementing this: The SecretEvent model is what we use to track CRUD changes to Secrets: https://github.com/phasehq/console/blob/f63640b21400d2b2305cd359f8f05abdf9082f74/backend/api/models.py#L309

As you can see, there's a user foreign key. If this user key is null, we assume this event was created by a service token. Instead, we need to create an additional, nullable 'token' foreign key for the Service Token model: https://github.com/phasehq/console/blob/f63640b21400d2b2305cd359f8f05abdf9082f74/backend/api/models.py#L243

Then, we'll need to handle the following:

  • Update graphql types: https://github.com/phasehq/console/blob/f63640b21400d2b2305cd359f8f05abdf9082f74/backend/backend/graphene/types.py#L161
  • Update the frontend queries for logs and display the token name instead of 'Service token': https://github.com/phasehq/console/blob/f63640b21400d2b2305cd359f8f05abdf9082f74/frontend/components/logs/SecretLogs.tsx#L264
  • Make sure the token is logged for each type of CRUD event via the REST api: https://github.com/phasehq/console/blob/f63640b21400d2b2305cd359f8f05abdf9082f74/backend/api/views.py#L294

As Nimish, said, feel free to join our Slack if you'd like any more context or have any questions!

rohan-chaturvedi avatar Nov 14 '23 13:11 rohan-chaturvedi

Hello, @rohan-chaturvedi , we would like to work on this issue under Fosshack 2024. Me and my teammate @viku3150 are well versed with the tech stack and the codebase and hence would like to take this forward. Please assign us for the same. Thank you.

nishaaannnt avatar Jul 26 '24 18:07 nishaaannnt

Screenshot 2024-07-27 at 1 55 14 PM @nimish-ks @rohan-chaturvedi Done. Was trying to recreate the issue and found it done. Also got it verified on call with @nimish-ks

nishaaannnt avatar Jul 27 '24 08:07 nishaaannnt

Screenshot 2024-07-27 at 1 55 14 PM @nimish-ks @rohan-chaturvedi Done. Was trying to recreate the issue and found it done. Also got it verified on call with @nimish-ks

Great!

rohan-chaturvedi avatar Jul 27 '24 08:07 rohan-chaturvedi