Explicit auth with TEMP tokens · cockroachdb/cockroach#56577

(5 comments) (0 reactions) (0 assignees)Go (32,150 stars) (4,124 forks)batch import

C-wishlistT-disaster-recoverygood first issue

Description

Informs #56536

Use of external storage temp tokens, together with explicit authentication is dangerous. In general, explicitly specified tokens could expire while long running operation (backup, restore) is still executing, without any way for us to regenerate such temp token.

We should error out if external storage URI uses temporary credentials for backup, restore, import, scheduled backup and cdc.

We should also provide an extra URI parameter for the user to specify if they really wish to override this behavior: "&REALLY_USE_TEMP_CREDENTIALS"

Epic CRDB-71

Jira issue: CRDB-2924

Contributor guide

Tech stack: go
Domain: databasesecurity
Issue type: feature
Difficulty: 4
Estimated time: 1-2 days
Activity status: stale
Clarity: clear
Prerequisites: Go programmingCockroachDB basicsexternal storage conceptsauthentication tokens
Newbie friendliness: 35
Research direction: Examine the backup and restore code in pkg/backup and pkg/storage. Look for how external storage URIs are parsed and used. Linked issue #56536 provides context. The goal is to detect temporary credential parameters (e.g., in AWS S3 temp tokens) and either reject them or allow an explicit override via a new URI parameter like '&REALLY USE TEMP CREDENTIALS'. Compare with existing validation for other URI parameters.