You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by "mdeshmu (via GitHub)" <gi...@apache.org> on 2023/04/03 18:10:04 UTC

[GitHub] [superset] mdeshmu commented on issue #23486: AWS IAM Role support for send mail functionality

mdeshmu commented on issue #23486:
URL: https://github.com/apache/superset/issues/23486#issuecomment-1494761471

   In both the examples given above by @yash-sec, credentials were stored in the repository. 
   Just to let you know, the solution I am talking about doesn't require you to store the credentials in the repository. 
   
   They are retrieved from AWS Secrets Manager or AWS Systems Manager Parameter Store at container start-up.
   Here is an example: https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-ecs.Secret.html
   
   You don't have to keep credentials in your code at all. So no question of being hacked. I don't know how else I can explain.
   
   If AWS Secrets Manager is not trustworthy, then probably AWS IAM or AWS STS which generates temporary tokens can also be hacked. It's a matter of zero-trust architecture.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org