Protect git redeploy using access tokens #9884
BlaiseLebreton
started this conversation in
Ideas
Replies: 1 comment
I found this conversation because I was looking for documentation on how to use a PAT or other secret to authenticate a stack webhook. I'm surprised that this is not already a feature!
Is your feature request related to a problem? Please describe.
Currently, anyone knowing the URL of the webhook can trigger a redeploy (which IMO is a security issue).
Describe the solution you'd like
Give the option to protect the webhook using a user access token:
http POST https://portainer:9443/api/stacks/webhooks/abcd X-API-Key:your_access-token
Additional context
We use GitHub Actions for our CD process (we redeploy some stacks using the webhook).
If our repos were public, anybody could get the URL of the webhook and trigger redeploys, which is a huge security flaw.
We already use GitHub secrets to protect some credentials; if the webhook was protected by an access token, that would allow us to prevent malicious redeploys.