Hi 👋 is there a recommended approach to securing project/user-specific secrets? As I understand Flyte does not come with RBAC. We have set up authentication with an IdP, and Secrets are logically separated through namespaces, but what is stopping a user from running a workflow in a different project and extracting all secrets?
Andy Czerwonka
02/06/2024, 6:49 PM
I’m also interested in this answer, mostly in the context of running a multi-tenant architecture.
We would just need something simple and lightweight in our org, I'm thinking of trialing a gRPC interceptor
Andy Czerwonka
02/06/2024, 7:50 PM
Then how does multi-tenancy work? The docs speak to it as a first-class feature.
honnix
02/06/2024, 8:07 PM
Internally we have an authentication/authorization gateway sitting in front of flyteadmin, handling this type of thing. The gateway connects to flyteadmin using a static key, so any other direct connection to flyteadmin will not pass flyteadmin auth. Just food for thought.