Comments (4)
Yes! Though passphrase + SSH key is basically two factors already, we should support IAM Multi-Factor Auth.
from hologram.
I was wondering about SSH key security; do you have a way of enforcing a passphrase?
from hologram.
It's probably outside the scope of Hologram to try and enforce passphrases; we just delegate to the user's ssh-agent for that. Better development environment setup tools should take care of that.
wrt Multi-Factor Auth, we were unsure of how to get the UX right for it. Ideally Hologram is invisible to the user unless they need to change roles. Is it possible to just do the MFA dance once, whenever you do hologram me or hologram use [role]?
from hologram.
I was actually thinking about this a bit more, and think it could add additional security. It's probably most relevant for cross-account access (which will probably become more useful after authorization support in #14), but supporting IAM MFA functionality would allow people to place less trust in the hologram server.
Scenario without MFA:
- High-security account trusts hologram role to allow users to assume it.
- Hologram server, if compromised/buggy, could grant arbitrary access to high-security account
Scenario with MFA:
- High-security account trusts hologram role + MFA
- Hologram server can only grant access to high-security account with additional factor that is not in its possession. It could still do bad things with an MFA token passing through it but it would expire and would thus limit the potential for bad behavior.
I still don't have a good sense of what a UI would look like though 😄
from hologram.
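An added example, not part of the thread or of Hologram's code: a check for the two trust-policy scenarios in the last comment, flagging role trust policies that allow `sts:AssumeRole` without requiring `aws:MultiFactorAuthPresent`. The account ID, role ARN and Sids are constructed, and the policy shapes are assumptions about how the high-security account would be configured.

```python
import json

MFA_KEY = "aws:multifactorauthpresent"  # condition keys are case-insensitive

def _as_list(value):
    return value if isinstance(value, list) else [value]

def grants_assume_role(stmt):
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    return stmt.get("Effect") == "Allow" and bool(actions & {"sts:assumerole", "sts:*", "*"})

def requires_mfa(stmt):
    """True only if the statement matches solely when MFA was presented."""
    for operator, keys in stmt.get("Condition", {}).items():
        # BoolIfExists also matches requests that carry no MFA key at all,
        # so only a plain Bool test counts as enforcing the second factor.
        if operator.lower() != "bool":
            continue
        for key, value in keys.items():
            values = [str(v).lower() for v in _as_list(value)]
            if key.lower() == MFA_KEY and values == ["true"]:
                return True
    return False

def statements_missing_mfa(policy_json):
    """Return the Sids of Allow statements that grant AssumeRole without MFA."""
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    return [stmt.get("Sid", f"statement[{i}]")
            for i, stmt in enumerate(statements)
            if grants_assume_role(stmt) and not requires_mfa(stmt)]

def trust_policy(sid, condition=None):
    """Build a constructed trust policy for the hypothetical hologram role."""
    stmt = {"Sid": sid, "Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/hologram-server"}}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

WITHOUT_MFA = trust_policy("TrustHologram")
WITH_MFA = trust_policy("TrustHologramMfa",
                        {"Bool": {"aws:MultiFactorAuthPresent": "true"}})
IF_EXISTS = trust_policy("TrustHologramIfExists",
                         {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}})

if __name__ == "__main__":
    for doc in (WITHOUT_MFA, WITH_MFA, IF_EXISTS):
        print(statements_missing_mfa(doc) or "MFA required")
```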