
Comments (4)

epall commented on May 20, 2024

Yes! Though passphrase + SSH key is basically two factors already, we should support IAM Multi-Factor Auth.

from hologram.

sciurus commented on May 20, 2024

I was wondering about SSH key security; do you have a way of enforcing a passphrase?


gaylatea commented on May 20, 2024

It's probably outside the scope of Hologram to try and enforce passphrases; we just delegate to the user's ssh-agent for that. Better development environment setup tools should take care of that.

wrt Multi-Factor Auth, we were unsure of how to get the UX right for it. Ideally Hologram is invisible to the user unless they need to change roles. Is it possible to just do the MFA dance once, whenever you do hologram me or hologram use [role]?


copumpkin commented on May 20, 2024

I was actually thinking about this a bit more, and think it could add additional security. It's probably most relevant for cross-account access (which will probably become more useful after authorization support in #14), but supporting IAM MFA functionality would allow people to place less trust in the hologram server.

Scenario without MFA:

  • High-security account trusts hologram role to allow users to assume it.
  • Hologram server, if compromised/buggy, could grant arbitrary access to high-security account

Scenario with MFA:

  • High-security account trusts hologram role + MFA
  • Hologram server can only grant access to high-security account with additional factor that is not in its possession. It could still do bad things with an MFA token passing through it but it would expire and would thus limit the potential for bad behavior.

I still don't have a good sense of what a UI would look like though 😄

from hologram.
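
The two scenarios in the last comment come down to whether the high-security account's role trust policy carries an MFA condition. The following is an added example, not part of the thread or of Hologram's code: a small audit that flags trust statements letting the Hologram role assume the target role without MFA. The account ID, role name and policy documents are constructed placeholders.

```python
# Constructed trust policies; the account ID and role name are placeholders.
HOLOGRAM_ROLE = "arn:aws:iam::111111111111:role/hologram-server"

def _trust(sid, condition=None):
    stmt = {"Sid": sid, "Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": HOLOGRAM_ROLE}}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

TRUST_WITHOUT_MFA = _trust("NoMfa")
TRUST_WITH_MFA = _trust("Mfa", {"Bool": {"aws:MultiFactorAuthPresent": "true"}})
# On an Allow, BoolIfExists also matches requests where the key is absent,
# so it does not enforce MFA.
TRUST_IF_EXISTS = _trust("Weak", {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _enforces_mfa(condition):
    """True if the Condition block only matches MFA-authenticated requests."""
    for op, keys in (condition or {}).items():
        for key, value in keys.items():
            k = key.lower()
            vals = [str(v).lower() for v in _as_list(value)]
            if op.lower() == "bool" and k == "aws:multifactorauthpresent" and vals == ["true"]:
                return True
            if op.lower() == "numericlessthan" and k == "aws:multifactorauthage":
                return True
    return False

def unguarded_statements(policy, principal_arn):
    """Sids of Allow statements that let principal_arn assume the role without MFA."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        principal = stmt.get("Principal", {})
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if (stmt.get("Effect") == "Allow"
                and (principal_arn in arns or "*" in arns)
                and any(a in ("sts:assumerole", "sts:*", "*") for a in actions)
                and not _enforces_mfa(stmt.get("Condition"))):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

if __name__ == "__main__":
    for name in ("TRUST_WITHOUT_MFA", "TRUST_WITH_MFA", "TRUST_IF_EXISTS"):
        print(name, unguarded_statements(globals()[name], HOLOGRAM_ROLE))
```

An empty result means every statement that trusts the Hologram role also requires an MFA-authenticated request, which is the "hologram role + MFA" arrangement described above.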
