20 Aug
Intercept calls to authenticated 3rd-party APIs, to automatically add auth keys?
Is this a good approach to preventing the leakage of secrets?
Say I had a simple setup where Alice holds the secret to access Bob, and Charlie has basic shell access to Alice (with a different auth method). Charlie echoing "$BOB_SECRET" should fail. But when he http POST https://bob.server, before the packet leaves the network card it will have additional HTTP headers attached such that the request succeeds.
If this is a good approach, I suppose I could use mitmproxy, envoy or traefik to implement…
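An added sketch, not part of the original post, of the decision a credential-injecting egress proxy has to make for the setup described above: attach Bob's key only when scheme, host and port all match exactly, and never let the client's own copy of the header through to Bob. The names `INJECT`, `rewrite_request` and `scrub_response` and the token value are assumptions made for illustration; in mitmproxy this logic would be called from an addon's `request` and `response` hooks.

```python
from urllib.parse import urlsplit

# Constructed sample rule: (scheme, host, port) -> header added by the proxy.
# Assumption: the proxy runs as a separate user or host, so the value is
# never present in the environment of Charlie's shell.
INJECT = {
    ("https", "bob.server", 443): ("Authorization", "Bearer EXAMPLE-NOT-A-REAL-KEY"),
}
DEFAULT_PORTS = {"https": 443, "http": 80}


def rewrite_request(url, headers, rules=INJECT):
    """Return the headers the proxy forwards upstream for one client request."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # .hostname is lower-cased and excludes any userinfo ("user@") prefix.
    host = (parts.hostname or "").rstrip(".")
    try:
        port = parts.port or DEFAULT_PORTS.get(scheme)
    except ValueError:  # malformed port: treat as no match
        port = None
    rule = rules.get((scheme, host, port))
    if rule is None:
        # Not Bob (plain http, look-alike host, other port): pass through
        # unchanged so the key never reaches a destination it was not issued for.
        return dict(headers)
    name, value = rule
    # Drop any client-supplied copy of the header, whatever its case.
    out = {k: v for k, v in headers.items() if k.lower() != name.lower()}
    out[name] = value
    return out


def scrub_response(body, rules=INJECT):
    """Redact injected values if the upstream echoes them back in a response."""
    for _, value in rules.values():
        body = body.replace(value.encode(), b"[redacted]")
    return body


if __name__ == "__main__":
    for u in ("https://bob.server/v1/items", "http://bob.server/",
              "https://bob.server.evil.example/"):
        print(u, "->", sorted(rewrite_request(u, {"Accept": "*/*"})))
```

The response scrub only catches a verbatim echo of the value; an encoded or partial echo would need handling on Bob's side.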