I want to disable garden dashboard (garden login+dev) for all users of my company until we get the security approval for meta data that is sharing. is there a way i could do it?
Hi @User, I didn't see your post here and I just replied to you on GitHub: https://github.com/garden-io/garden/issues/6095
Hi @chilly-gigabyte-83853 . thanks for the response. I know for a fact that we can disable anonymized metadata using "garden config analytics-enabled" command. I was just wondering is there a way to disable the dashboard feature at all regardless of dependency to login, which I realized there is no way. Does it make sense to raise a request for this feature? or you think it will be ignored because there is already the "login process" which almost do the same thing?
I am also interested in such a feature (same reason, to introduce garden base functionality until security approval is done) 🙂
As I mentioned in the issue, unless users are logged in, there is no data transferred, so unless you log in, nothing will be shared to our servers. If you want to try to prevent unintentional logins, you could perhaps set
domain: https://donotuse.example.com
in the project garden file. The field is used by our enterprise users to point their project at their managed instance of Garden Enterprise. Setting that to a bogus domain will override the url that's open with
garden login
and return a 404 page. Finally, I wanted to share that we are a SOC2 compliant company, we undergo regular pentestings and we take security very seriously. If you (or your security team) ever find anything suspicious or are unsure about certain parts of the system or our source code, feel free to reach out privately here or via email at security@garden.io (see: https://github.com/garden-io/garden/blob/main/SECURITY.md). I hope this helps.