Channels
announcements
ask-marvin
best-practices-coordination-plane
data-ecosystem
data-tricks-and-tips
events
find-a-prefect-job
geo-australia
geo-bay-area
geo-berlin
geo-boston
geo-chicago
geo-colorado
geo-dc
geo-israel
geo-japan
geo-london
geo-nyc
geo-seattle
geo-texas
gratitude
introductions
marvin-in-the-wild
prefect-ai
prefect-aws
prefect-azure
prefect-cloud
prefect-community
prefect-contributors
prefect-dbt
prefect-docker
prefect-gcp
prefect-getting-started
prefect-integrations
prefect-kubernetes
prefect-recipes
prefect-server
prefect-ui
random
show-us-what-you-got
Title
t
Tim Wright
02/18/2022, 8:48 PMHey everyone. Prefect Cloud user here. I know that in Prefect Cloud our actual code stays on our systems - and that our agent (in this case, a K8s agent in AKS) polls prefect cloud to determine when to run a flow (and with what parameters it should run). I was wondering if there are any ways to prevent/limit malicious users from executing in our infrastructure if an api key with deployment permissions was accidentally compromised? Is there anything we can do within the agent (or elsewhere) to prevent a bad actor from registering a flow with Prefect Cloud that could then get picked up by our agent?
k
Kevin Kho
02/18/2022, 8:56 PMI think you are imagining somehow limiting the IP of machines that can register Flows so that even if the API key is compromised, we could reject new flows from being created from other places?
t
Tim Wright
02/18/2022, 9:47 PMYeah - that would do it. Is that a feature? Can we whitelist IPs that are able to access/register within Prefect Cloud?
k
Kevin Kho
02/18/2022, 10:05 PMNot a feature at the moment but with Orion (Prefect 2.0), you can host it in your infrastructure that could control those connections.
t
Tim Wright
02/18/2022, 10:31 PMOk. Thanks Kevin