About the http_call
action
Least privilege access in distributed systems
In privacy engineering, the fundamental principles you must consider when designing a system include separation of concerns and the principle of least privilege access. Each system component should be responsible for a single concern and only have access to the data it needs to perform its function.
Many distributed systems use third-party services to perform non-core functions. For example, a system may use a third-party service to send emails or SMS messages or to perform credit card transactions.
In these cases, you want to send to the third-party service only the data it needs to perform its function and don't want your system to have access to data if it is not required. The http_call
action addresses this requirement.
Piiano Vault http_call
action
Piiano Vault provides an operation that enables you to send an HTTP request from Vault with the data required by a third-party service without exposing that data to the caller of the operation. The operation does this by receiving a request body that uses templates to define elements of the HTTP request. These templates use variables mapped to Vault global identifiers to define data values from a referenced object.
This enables you to limit the caller's permissions to invoke the http_call
action and not provide full read access to the underlying data.
Given the implications of sending sensitive data outside Vault, there are two mechanisms for controlling the scope of the actions activities:
- to ensure callers can only request Vault send data to trusted third parties, you define the
PVAULT_SERVICE_ALLOWED_HTTP_DESTINATIONS
andPVAULT_SERVICE_ALLOWED_PCI_HTTP_DESTINATIONS
services and features environment variables with a list of trusted third-party services that Vault can send data to. - to prevent the action from accessing or processing more data than is required, you define a role for the action and set it in the
PVAULT_SERVICE_ACTIONS_HTTP_CALL_ROLE
services and features environment variable. This enables you, for example, to limit the action to only reading email addresses from the collection containing customer details.
In the Piiano Vault SaaS Sandbox, the following hosts are preconfigured for testing purposes:
The equivalent configuration for self-hosted Vaults is:
PVAULT_SERVICE_ALLOWED_HTTP_DESTINATIONS=https://echo.free.beeceptor.com,https://webhook.site
Custom actions
With custom actions, you can create a tailored solution for your use case. Custom actions use JavaScript code, have built-in functions for accessing stored or encrypted data, and offer the ability to call third-party services with a fetch
function. These features mean you can seamlessly integrate with external resources and enhance Vault’s capabilities without exposing data to the operation's caller. See custom actions for more details and examples.