09-26-2017 02:39 AM
We have groundplex nodes running our pipelines, and some of these pipelines have REST snaps that connect using security sensitive credentials, and are processing sensitive data. When running these pipelines we can see that these credentials (and some sensitive data that is passing through the pipelines) are being logged to files on the groundplex in one way or another. This is ok with us because nobody can access these logs outside of the groundplex, we control the security of these files. However, in the Dashboard UI in SnapLogic we can see some of this logging from within the “Pipeline Health” section. We have seen some sensitive data in the UI.
Does this mean the logs are uploaded to your cloud?
How is the SnapLogic UI getting access to the logs? Is it only client-side access?
We would like a detailed explanation how the UI is capable of accessing these logs, and if they ever touch your servers in any way. Thank you.
09-27-2017 01:52 PM
Logs are not uploaded to the cloud but they do pass through the cloud.
When a browser session (client) makes a request for the logs, the control plane passes that request to the node in question. That node will pass back the log to the browser and part of that communication flow is it goes through SnapLogic servers as SnapLogic servers are what has connectivity to both the nodes, and the browser client.
What method are you using to pass credentials through the REST Snap (just so we understand correctly the use case you have)?
09-27-2017 03:31 PM
Thank you for that explanation.
We have a very large collection of credentials that are queried from a DB, and the REST call data is constructed with proper security headers with said credentials. Because of the large number of credentials we maintain, we didn’t want to create or manage these using the Accounts management system in SnapLogic.