You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: en/cloud/security/guide.md
+4-13Lines changed: 4 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -59,7 +59,7 @@ downtime.
59
59
60
60
### Permissions
61
61
62
-
To support different permissions for clients, it is possible to limit the permissions of a client. Only `read` or `write` permissions are supported.
62
+
To support different permissions for clients, it is possible to limit the permissions of a client. Only `read` or `write` permissions are supported.
63
63
64
64
#### Request mapping
65
65
The request actions are mapped from HTTP method. The default mapping rule is:
@@ -71,7 +71,7 @@ For `/search/` this is replaced by:
71
71
72
72
#### Example
73
73
74
-
Create 3 different certificates, for three different use cases:
74
+
Create 3 different certificates, for three different use cases:
75
75
* Serving - `read`
76
76
* Ingest - `write`
77
77
* Full access - `read, write`
@@ -144,7 +144,7 @@ Token authentication must be explicitly enabled when used in combination with
144
144
145
145
#### Create tokens using the console
146
146
147
-
Tokens are managed in the console under **Account>Tokens**.All tokens are identified by a name, and can contain multiple versions to easily support token rotation.
147
+
Tokens are managed in the console under **Account>Tokens**.All tokens are identified by a name, and can contain multiple versions to easily support token rotation.
148
148
To create a new token:
149
149
1. Click **Add token**
150
150
1. Enter a name for the token, note that this name must also be referenced in the application later.
@@ -207,7 +207,7 @@ The cryptographic properties of token authentication vs mTLS are comparable. The
207
207
* tokens are sent as a header with every request
208
208
* since they are part of the request they are also more easily leaked in log outputs or source code (e.g. curl commands).
209
209
210
-
It is therefore recommended to
210
+
It is therefore recommended to
211
211
* create tokens with a short expiry (keeping the default of 30 days).
212
212
* keep tokens in a secret provider, and remember to hide output.
213
213
* never commit secret tokens into source code repositories!
@@ -401,12 +401,3 @@ Vespa Cloud users on paid plans have access to Vespa Cloud Support.
401
401
For cases where the VespaTeam needs access to the application's data to provide
402
402
support, the Vespa support personnel can request access after an explicit approval
403
403
from the customer in the open support case.
404
-
405
-
406
-
## Identity verification
407
-
408
-
In some cases, Vespa Support may need to verify your identity before providing
409
-
assistance with sensitive operations, such as resetting your password or making
410
-
changes to your account.
411
-
412
-
For more information, see the [Identity Verification Guide](identity-verification.md).
0 commit comments