Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] AzureUploader: Support SAS urls #800

Open
coonmoo opened this issue Nov 2, 2024 · 1 comment
Open

[FEATURE] AzureUploader: Support SAS urls #800

coonmoo opened this issue Nov 2, 2024 · 1 comment
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@coonmoo
Copy link

coonmoo commented Nov 2, 2024

Problem

Egress AzureUploader only supports accountname / shared key authentication.
Shared keys grant the Livekit Azure uploader excessive permissions like listing/reading all files in the account.

If the shared key would be compromised all recordings in the blob storage account would be exposed.
We are concerned with having the shared key being passed to Livekit Cloud's egress environment where we don't have any control.

Solution

Support Azure Blob Storage container SAS urls in AzureUploader.
This would allow us to use authentication with write only permissions for the storage container.
@coonmoo coonmoo added enhancement New feature or request help wanted Extra attention is needed labels Nov 2, 2024
@davidzhao
Copy link
Member

I would encourage you to submit a PR for the feature if you are interested.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@davidzhao @coonmoo