Hello everyone,
We’d love to see the ability for specific Secrets to be marked to require manual approval upon access by a service account.
For a Secret with this flag active, the workflow could be akin to the following:
- A service account attempts to access a secret marked to trigger a push notification to its owner or to a specific group.
- Relevant users get a push notification issued to sessions/devices they are currently signed into (e.g. web, mobile).
- (a) If all push notifications time out, or if at least one notification is manually denied, return a failure code.
- (b) If a relevant user approves the notification, return the secret as usual.
This would be relevant to sensitive secrets that are accessed infrequently, or only expected to be accessed as part of manually-triggered processes and not automated ones, and would grant defenders additional opportunities to respond upon potential token exposure. This is especially relevant to e.g. secrets that contain or enable access to cryptographic key material.
A risk to be considered here is that it could result in a degree of fatigue if the flag is over-used, but this seems easy to mitigate with proper processes.
Cheers!
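As an added illustration (not code from the post or from any secrets manager), here is a minimal model of the approval gate described above: a per-secret flag, a push to each approver, and the (a)/(b) decision rule. The class and function names, the fail-closed handling of an empty approver list, and denial overriding a concurrent approval are all my assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Response(Enum):
    APPROVED = "approved"
    DENIED = "denied"
    TIMEOUT = "timeout"


@dataclass
class Secret:
    value: str
    require_approval: bool = False  # the per-secret flag proposed in the post
    approvers: tuple = ()           # owner or group members who receive the push

@dataclass
class SecretStore:
    secrets: dict
    audit: list = field(default_factory=list)  # every attempt, whatever the outcome

    def read(self, name, service_account, notify):
        """Return (decision, value). notify(recipient) stands in for the push
        round-trip and yields that recipient's final Response. Any explicit
        denial or all time-outs fail the read; otherwise an approval releases
        the secret (denial beating a concurrent approval is an assumption)."""
        secret = self.secrets[name]
        if not secret.require_approval:
            self.audit.append((name, service_account, "granted"))
            return "granted", secret.value
        responses = [notify(r) for r in secret.approvers]
        if Response.DENIED in responses:
            decision = "denied"
        elif Response.APPROVED in responses:
            decision = "approved"
        else:
            decision = "timeout"  # also covers an empty approver list: fail closed
        self.audit.append((name, service_account, decision))
        return decision, (secret.value if decision == "approved" else None)


def example_run():
    """Constructed sample: a CI account reads a flagged key under three approver outcomes, then an unflagged token."""
    store = SecretStore({"signing-key": Secret("k-0001", True, ("alice", "bob")),
                         "build-token": Secret("t-0001")})
    nobody = lambda r: Response.TIMEOUT
    alice_ok = lambda r: Response.APPROVED if r == "alice" else Response.TIMEOUT
    bob_no = lambda r: Response.APPROVED if r == "alice" else Response.DENIED
    decisions = [store.read("signing-key", "ci-runner", n)[0] for n in (nobody, alice_ok, bob_no)]
    decisions.append(store.read("build-token", "ci-runner", nobody)[0])
    return decisions  # ['timeout', 'approved', 'denied', 'granted']
```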