New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: Basic Auth #32
Comments
This is on the roadmap and makes sense. I'm not sure if a header/key can be used through a web-browser, but basic auth over SSL may serve this purpose? |
I'm not a developer, but this seems not so difficult to implement |
Related -> #36 |
See also for the API Key example - https://github.com/alexellis/faas/tree/master/sample-functions/ApiKeyProtected |
Thanks a lot, now we can add protection inside function.Maybe another option, is to do protection on the gateway directly. API KEY are defined on the gateway for each function. |
See also my blog post on swarm secrets with Github. http://blog.alexellis.io/swarm-secrets-in-action/ Have you created any of your own functions yet? Any other ideas/feedback will be appreciated. :-) |
@edouardkleinhans this can be done by putting Kong in front of your API gateway. |
Implemented and released in a guide. |
It would be great to have a basic security on admin ui and / or function call
Expected Behavior
The goal would be to provide an API token to enble basic security on gateway UI access and function call.
Current Behavior
There is no security to access gateway UI or call a function. Anybody that have access to ui can add a function.
Possible Solution
Add an API key for each call to gateway UI to secure access.
Add an generated API key for each function in order to secure access to them
see https://foobar123.com/serverless-security-594942b496ec
The text was updated successfully, but these errors were encountered: