Neophyte
Professor8 minutes ago, Brandon said:That being said - if I'm understanding you correctly, it sounds like the solution I posted above might negate the need for the API accounts you mentioned. So if you migrate your primary API functions to use the native java library, you can shut off the API keys entirely and just let the collector do its thing. I'm no security expert so please correct me if my assertion is incorrect.
In any case - please reply to this post if you start playing around with the library. I'm really curious if it works well for others. So far it's been a lifesaver for me.
Cheers!
Excellent point -- the other functions we need could likely be satisfied with an API user having manager and not admin role. I will see if we can leverage the library to avoid needing an admin API user -- thanks! That said, it should still be possible to bind an allowlist to any API user to limit the attack surface. I as well can dream...
