[HPCC-25925] Provide access to user secrets from ECL code - HPCC

XML

Word

Printable

Details

Type: New Feature
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 8.6.26
Component/s: Code Generator, eclrtl, Security
Labels:
- Cloud

Pull Request URL:
https://github.com/hpcc-systems/HPCC-Platform/pull/16003
Roadmap:
2021q3
Roadmap Summary:
Provide users with access to a restricted category of secrets.

Description

Add support for retrieving user secrets from ecl code. There should be a check to ensure that they can be restricted to signed code.
It would be good to try and ensure that they cannot be added to log files etc., but that may prove tricky since we can't really mark them as tainted.

Likely to be more secure though than the alternatives of embedding in ecl code. Worth comparing with storing secrets in logical files.

Attachments

Issue Links

relates to

HPCC-25926 Option to restrict external service calls to signed code

Accepted

Sub-Tasks

Progress

Document ecl function 'getsecret'

Accepted

Jim DeFabia

Activity

People

Assignee:: Anthony Fishbeck

Reporter:: Gavin Halliday

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Due:: 18/Apr/22

Created:: 19/May/21 10:51 AM

Updated:: 06/May/22 8:51 AM

Resolved:: 06/May/22 8:51 AM