sphinx-tribes

Set token header variable at env.SWWF_RESKEY

Open humansinstitute opened this issue 1 year ago • 3 comments

Context

  • Problem: The current system lacks a secure method to authenticate requests to the workflow endpoints, which could lead to unauthorized access and potential data breaches.
  • Need: To enhance security, it is necessary to set an environment variable for the token header that will be used for authenticating requests to the endpoints.
  • Fit: This change is part of a larger effort to implement secure and efficient workflow plumbing for Stakwork's common workflow system.
  • Background: This ticket is a prerequisite for implementing endpoint authentication, which will ensure that only requests with the correct token header are processed.

This is related to a broader project; for context see: https://github.com/stakwork/sphinx-tribes/issues/1922

System Schematic: image

Design

  • Objective: Set an environment variable SWWF_RESKEY that will store the token used for authenticating requests to the workflow endpoints.
  1. Confirm env variable for SWWF_RESKEY with Pete via Sphinx V2
  2. Update .env on staging prod
  3. Ensure that the value of SWWF_RESKEY is securely stored and accessed only by authorized components of the application.
  4. Update the application configuration to read the SWWF_RESKEY from the environment and use it in the request authentication process.

# Example .env file entry
SWWF_RESKEY=your_secure_token_here

Assignment Criteria

  • Required Knowledge/Skills: Familiarity with environment variable management, secure token handling, and basic authentication mechanisms.
  • Communication Channels: Ensure you are live on Sphinx V2 for any queries or discussions.

Acceptance Criteria

  • [ ] The SWWF_RESKEY environment variable is set in the appropriate configuration file or system.
  • [ ] The application can successfully read the SWWF_RESKEY from the environment.
  • [ ] The token is securely stored and not exposed in logs or error messages.
  • [ ] Documentation is updated to reflect the new environment variable and its purpose.
  • [ ] Test cases are created to verify that the token is correctly read and used in the authentication process.

humansinstitute, Nov 11 '24 02:11
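
One way to carry out design steps 3 and 4 together with the "not exposed in logs or error messages" criterion, as an added example that is not code from the issue or from sphinx-tribes. The header name `X-Workflow-Token` and the helper names `loadResKey` and `requireResKey` are hypothetical, and the token value set in `main` is constructed for the demo.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
)

const tokenHeader = "X-Workflow-Token" // hypothetical name; the issue names no header

// loadResKey fails closed: an unset or empty SWWF_RESKEY is an error naming only the variable.
func loadResKey() (string, error) {
	key := os.Getenv("SWWF_RESKEY")
	if key == "" {
		return "", errors.New("SWWF_RESKEY is not set")
	}
	return key, nil
}

// requireResKey rejects requests whose header does not match key. Both sides
// are hashed so the constant-time compare always sees equal-length inputs.
func requireResKey(key string, next http.Handler) http.Handler {
	want := sha256.Sum256([]byte(key))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := sha256.Sum256([]byte(r.Header.Get(tokenHeader)))
		if subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized) // token not echoed
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	os.Setenv("SWWF_RESKEY", "constructed-demo-token") // constructed value, demo only
	key, err := loadResKey()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	h := requireResKey(key, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/", nil)) // no token header
	fmt.Println("request without token:", rec.Code)
}
```

Refusing to start when the variable is empty matters here: without that check, a deployment whose .env was never updated would accept any request that simply omits the header.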

@humansinstitute could you assign me?

AbuBakar877, Nov 11 '24 02:11

@humansinstitute Please assign me?

saithsab877, Nov 11 '24 02:11

@humansinstitute Could you please assign me?

MahtabBukhari, Nov 11 '24 02:11