ApiKey support for securing the Cerbos API? #1626
Hello, I was trying to figure out if Cerbos provides an API authentication mechanism (ApiKey?) to avoid uncontrolled access to the API set. Thanks
Replies: 1 comment
You're correct. There's no built-in way to restrict access to the check API because it doesn't expose any sensitive data. If you want to do it, one way to do it is to make Cerbos listen on 127.0.0.1 or a Unix domain socket and configure a proxy that enforces the access restrictions. We have an example of configuring Ghostunnel in a Kubernetes environment here: https://docs.cerbos.dev/cerbos/latest/deployment/k8s-sidecar.html
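One way to build the proxy described in the reply, as an added example that is not part of the original thread and not Cerbos project code: a small gate that checks an API key before forwarding check requests to Cerbos on loopback. The `X-API-Key` header name, the sample key, the gate's port 8080 and the Cerbos HTTP port 3592 are assumptions.

```python
import hashlib, hmac, http.client
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumptions, not from the thread: Cerbos HTTP API bound to loopback on port
# 3592, a hypothetical X-API-Key request header, and one constructed sample key.
UPSTREAM = ("127.0.0.1", 3592)
KEY_DIGESTS = {hashlib.sha256(b"constructed-sample-key").hexdigest()}  # store digests, not keys
MAX_BODY = 1 << 20  # refuse request bodies over 1 MiB

def key_is_valid(presented, digests=KEY_DIGESTS):
    """Compare the presented key's digest with every stored digest in constant time."""
    if not presented:
        return False
    digest = hashlib.sha256(presented.encode()).hexdigest()
    return any([hmac.compare_digest(digest, known) for known in digests])

def make_handler(upstream=UPSTREAM, digests=KEY_DIGESTS):
    class Gate(BaseHTTPRequestHandler):
        def _reply(self, status, body):
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def do_POST(self):  # check requests are POSTs; other methods get 501
            length = self.headers.get("Content-Length", "0")
            if not length.isdecimal() or len(length) > 7 or int(length) > MAX_BODY:
                return self._reply(413, b'{"error":"bad or oversized body"}')
            body = self.rfile.read(int(length))  # drain before replying
            if not key_is_valid(self.headers.get("X-API-Key"), digests):
                return self._reply(401, b'{"error":"invalid or missing API key"}')
            conn = http.client.HTTPConnection(*upstream, timeout=5)
            try:
                conn.request("POST", self.path, body=body,
                             headers={"Content-Type": "application/json"})
                resp = conn.getresponse()
                self._reply(resp.status, resp.read())
            except (OSError, http.client.HTTPException):
                self._reply(502, b'{"error":"upstream unavailable"}')
            finally:
                conn.close()
    return Gate

if __name__ == "__main__":
    # Only this gate is reachable from other hosts; TLS termination in front
    # of it is assumed so the key never crosses the network in clear text.
    ThreadingHTTPServer(("0.0.0.0", 8080), make_handler()).serve_forever()
```

The gate only restricts access if Cerbos itself is not reachable from other hosts, which is why the reply pairs the proxy with a 127.0.0.1 or Unix domain socket listener.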