Skip to content

API Keys for External Stats Access #7917

Description

@HeyItsJono

Prerequisites

  • I have checked the Wiki and Discussions and found no answer

  • I have searched other issues and found no duplicates

  • I want to request a feature or enhancement and not ask a question

The problem

Many external services and dashboard e.g. OPNSense and Homepage widgets query the /control/stats API endpoint to display AGH stats within a widget. Many people use these widgets.

AGH doesn't currently offer read-only API key creation, meaning for these widgets to access this endpoint I must pass them my AGH username/password; even in the best case scenario this means storing this sensitive info in a plaintext docker secrets file for these services to use.

Proposed solution

Many other open source homelab projects (e.g. Tautulli, Home Assistant) offer the ability to create API Keys for access to information by other services. This would be much more secure than offering these services my UN/PW. If the key could be restricted to read-only access of certain endpoints, this would be even better; this way if anyone ever got hold of the key, they could only read stats. Keys could also be revoked from the web AGH control panel allowing for easy rotation of keys in the event of compromise.

The current comparison is that if my AGH UN/PW got leaked from these services, the bad actor could log directly into my AGH control panel and make malicious changes, and the current process for changing AGH PW is quite involved requiring generation of a bcrypt hashed PW via a cli tool.

Alternatives considered and additional information

No response

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions