2

I have been using DataStax and I'm about to push to my repository, is it safe to have the secure-connect-DBNANE.zip on the repo? I would suppose so since it's required to make queries but I'm not certain.

Erick Ramirez
  • 13,964
  • 1
  • 18
  • 23
joshpetit
  • 677
  • 6
  • 17

1 Answers1

2

The Datastax documentation does mention:

Be careful when sharing connection details. Providing this information to another user grants them access to your Astra database and ownership capabilities, such as making modifications to the database.

For security, delete downloaded connection credentials after sending them to your teammate.

That does not strike me as something you should have in a Git repository.

You should rather re-download that file when you need it in a new cloned instance of your repository.

Alternatively, you can right-click the Download credentials link, copy the link source, and then use a curl command to download the secure-connect-database_name.zip file:

curl -L "<secure-connect-database_name-download-URL>" > database_name.zip
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • URL for download is available only for 5 minutes, if I remember correctly – Alex Ott Oct 11 '20 at 17:08
  • @AlexOtt Is there any API to trigger a new URL? – VonC Oct 11 '20 at 17:33
  • I'm not sure - at least there was no 3 months ago... But take into account that without username/password, the secure bundle is useless, so if you don't put them into git repo, people couldn't use just secure bundle to connect to the database – Alex Ott Oct 11 '20 at 17:42
  • @AlexOtt OK, so even with its name "secure", this file would not be too "sensitive" and could be stored in a Git repository? – VonC Oct 11 '20 at 17:49
  • 1
    it's not the best practice, but could be possible if it's used for non-critical data... – Alex Ott Oct 11 '20 at 17:52
  • @AlexOtt OK. The best practice should remain, I suppose, to keep that file in an external referential, like a vault, as opposed to a public Git repository. – VonC Oct 11 '20 at 17:54
  • Yep, any secrets storage would be nice – Alex Ott Oct 11 '20 at 18:01