This repository has been archived by the owner on Apr 25, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 187
[Weaver] Suggestion: Disable Auth Key #184
Comments
The original rationale for having an authentication key was to prevent accidental public / unprotected exposure of the service. But in hindsight, this was probably not the most brilliant solution as we set a default key which many will probably leave unchanged. I'd be up for removing it entirely in a newer / major version with a disclaimer that no authentication is shipped. With the increasing popularity of service mesh, and API gateways, I think a "saner" way to operate this microservice is probably by moving authentication to the edge. Either:
|
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I think it would be great if the auth_key could be disabled. We are using Athena in a k8s-Cluster, so its not available from outside. With that in mind, it just makes the auth an extra failure cause.
I think this could be as easy as adding the environment-variable WEAVER_DISABLE_AUTH and just checking it in the middleware. Sadly, i don't have any skills in go, so i can't make my own PR. However, i hope someone else can put me out of this misery.
The text was updated successfully, but these errors were encountered: