🤔 Problem

We don’t currently have a way in Renku 2.0 to enter credentials for private Cloud Storages, which renders this functionality very limited.

In addition, users don’t want to have to enter their cloud storage credentials every time they start a session.

🍴 Appetite

We need to be careful when developing security things! 6 weeks so we have time to be careful.

Though this pitch doesn’t need 6 weeks for front end, more like 2 weeks?

🎯 Solution

Save cloud storage credentials per user (no sharing credentials), using the existing secrets storage functionality.

However, Cloud storage credentials should not be available in the session like the other secrets.

Entering and saving credentials

… during initial set up

When the user sets up a cloud storage data source, they should have an option to save the credentials in RenkuLab.

(side note: Will users expect that saving credentials will make them usable for other people on the project? Do we need to show an information message that the saved credentials only work for you?)

… upon first launch

When a user launches a session where credentials are required for a cloud storage data source, the user should be prompted for credentials and offered to save those credentials.

• The idea here is if anything is needed for session launch (missing credentials, no access to the default resource class), the user is prompted with a minimal interface for entering that specific information, rather than being shown a whole start with options style page.

They should also have the option to not mount the data source, in case they can’t provide credentials.

In both of the above scenarios, if the users chooses to save the credentials, they should never have to enter the credentials for that cloud storage data source again.