Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

does quickwit support any auth to protect the quickwit APIs? #5602

Open
zywsky opened this issue Jan 8, 2025 · 4 comments
Open

does quickwit support any auth to protect the quickwit APIs? #5602

zywsky opened this issue Jan 8, 2025 · 4 comments
Labels
enhancement New feature or request

Comments

@zywsky
Copy link

zywsky commented Jan 8, 2025

We build the quickwit cluster and grafana UI. Grafana side is calling quickwit API, through quickwit datasource.

Currently, anyone can call the quickwit search API or the APIs in the quickwit swagger of control plane if he knows the URL. This is not what we want.

We want add some auth in quickwit side, and grafana side will call the quickwit side with related credentials. Or it can be in another way, grafana and quickwit side can do certificate mutual authentication.
Any way, we want quickwit not expose its API directly and want to do some protection.

So want to query and confirm if quickwit side support adding some auth currently?

Thanks a lot.

@zywsky zywsky added the bug Something isn't working label Jan 8, 2025
@zywsky
Copy link
Author

zywsky commented Jan 8, 2025

This is not a bug, just enhancement..

@rdettai rdettai added enhancement New feature or request and removed bug Something isn't working labels Jan 9, 2025
@rdettai
Copy link
Collaborator

rdettai commented Jan 9, 2025

There has been some work in that regard (#5533), but we don't have an ETA. For now, I would recommend using a proxy sidecare that does auth and SSL.

@vavdoshka
Copy link

@rdettai any pointers to how this proxy can be setup? In the context of cluster-mode when qw nodes need to talk to each other, it seem the proxy with auth is a problem for that.

@rdettai
Copy link
Collaborator

rdettai commented Jan 23, 2025

I'm sorry @vavdoshka but there are many ways to do that and the best solution will likely depend on the details of your infra. To begin with, QW should probably not be exposed to the public internet, even if it had SSL and authentication support. It's also a problematic that's a bit orthogonal to QW's main focus. To make sure the solution you come up with is robust and secure, you should definitively reach out to an expert.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants