Hello… Is there a playbook to implement authentica...
# prefect-community
a
Hello… Is there a playbook to implement authentication for Prefect Server similar to the experience you get in the cloud? I’m dealing with PHI data and I can’t have an open door to the console for everyone at my company
🙌 1
z
Hey Alex — we do not have a playbook for this because authentication is infrastructure specific & complicated. Our best-practice auth is implemented in Cloud but we can’t provide a similar solution in Server since we don’t own the infrastructure. That said, I know some people set up basic auth with Prefect Server so perhaps someone from the community will share some advice.
a
Thanks Michael… The entry point into the server seems to be Apollo server so I started looking at something like this: https://www.apollographql.com/blog/setting-up-authentication-and-authorization-with-apollo-federation/
Not sure if it’ll yield anything but that’s the current focus
z
I’d recommend starting with a VPC that only allows white listed IPs (or a VPN) since you don’t have to touch any code to restrict access
a
yeah… there’s something like that already in place, everyone on the VPN comes in as the same IP address, so while I can restrict access to my company, I cant restrict access to specific individuals within the company
z
Yeah that’s tricky. I don’t think you’ll get to granular permissioning without some complicated changes to the code — handling auth in Cloud is one of the more complex things we do.
j
@Alex Rud it may be worth mentioning that Prefect Cloud was designed for users working with sensitive data (in healthcare and finance) - in case you’d like to explore the hosted offering.
a
Is there any information on what the baa process/hipaa compliance is? Without doing too much of a deep dive, off the bat I would see a concern with logging, as I believe the log info would be stored in the prefect cloud and any sensitive information logged would be leaving our environment. I could be misunderstanding the architecture so would love to get more info/case studies to see if cloud really is an alternative
j
Yup, I’d invite you to check out this case study for a sampling, and our team (sales@prefect.io) would be happy to walk through the process in any detail. We can also assist with disabling logs to Cloud, as that’s a common concern. For more details on data handling with the Hybrid Model please see this FAQ: https://docs.prefect.io/orchestration/faq/dataflow.html#when-is-data-persisted. Let us know if we can answer any questions - we’re here to support you, whichever route is best for you!