Add ephemeral API Key Script Variable type

Syncro has a very capable API, and for security reasons a pretty limited set of functionality available from the PowerShell module. My request is to have a new Script Variable type that would allow us to set a script variable to an ephemeral API key for use just during the script run, that Syncro could auto generate at the time of the script run.

The value of this request is that we could then use scripts to interact with the more sensitive portions of the API safely since they are using API keys that are created Just-in-time and deleted as soon as they are no longer needed.

The first idea I’ve had on how that could work is that it would just be a new script variable type with a link on the end, similar to the way dropdowns look, but when you click it, it would open up the API permissions window.

The second way things could work would be to add another option to the API Tokens Page to have another button at the top next to “New Token” for “New Template”. Then API access could be templated and assigned to scripts by template. This adds a nice abstraction layer, but I think it would tend to lead to overly permissive API access being granted because of the desire to re-use API access on many scripts.

The third option would be to have Syncro analyze the API call and auto-provision an ephemeral key with the appropriate permissions. If done right this would be the most seamless and least permissive way, since no one knows Syncro APIs better than their own Devs, BUT there are enough ways it could go wrong, and it would take the most work from Syncro Devs, that it’s probably my least favorite option.

2 Likes
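
A minimal model of the key lifecycle this request describes, as an added example that is not part of the original post and is not Syncro code: a key is minted with only the permissions one script needs, handed to the run, and deleted when the run ends, with an expiry as a backstop. The class, function and scope names are hypothetical.

```python
import hashlib
import secrets
import time
from contextlib import contextmanager


class EphemeralKeyBroker:
    """In-memory model of a platform minting short-lived, scoped API keys."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._keys = {}  # sha256(token) -> (frozenset of scopes, expiry time)

    @staticmethod
    def _digest(token):
        # Store only a hash, so a dump of the key table yields no usable keys.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, scopes, ttl_seconds):
        token = secrets.token_urlsafe(32)
        expiry = self._clock() + ttl_seconds
        self._keys[self._digest(token)] = (frozenset(scopes), expiry)
        return token

    def revoke(self, token):
        self._keys.pop(self._digest(token), None)

    def authorize(self, token, scope):
        entry = self._keys.get(self._digest(token))
        if entry is None:
            return False
        scopes, expiry = entry
        if self._clock() >= expiry:
            # TTL is the backstop if the run crashes before revoke() is reached.
            self.revoke(token)
            return False
        return scope in scopes


@contextmanager
def script_run(broker, scopes, ttl_seconds=300):
    """Mint a key for one script run and delete it when the run ends."""
    token = broker.issue(scopes, ttl_seconds)  # scope names are constructed
    try:
        yield token  # stands in for the value of the proposed script variable
    finally:
        broker.revoke(token)  # runs on success and on exception alike
```

A key captured from one run is useless afterwards, and a call outside the granted scopes is refused even while the run is active.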

We create scripts extensively. We would love more functionality to be available to interact with Syncro.