Skip to content

docs: clarify security model for access keys and host cluster access #1598

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Piotr1215 merged 1 commit into from
Jan 28, 2026
Merged

docs: clarify security model for access keys and host cluster access #1598

Piotr1215 merged 1 commit into from
Jan 28, 2026

Conversation

@Piotr1215
Copy link
Contributor

@Piotr1215 Piotr1215 commented Jan 16, 2026
edited
Loading

Content Description

Preview Link

https://deploy-preview-1598--vcluster-docs-site.netlify.app/docs/platform/next/administer/clusters/connect-cluster
https://deploy-preview-1598--vcluster-docs-site.netlify.app/docs/vcluster/next/configure/vcluster-yaml/external/platform/api-key

Internal Reference

Closes DOC-1161

@netlify /docs

Note

Added security warning about host cluster access and removed redundant "recommended" labeling for shared access keys.

Generated by Claude for 7b31f15

@Piotr1215 Piotr1215 requested a review from a team as a code owner January 16, 2026 12:59
@netlify
Copy link

netlify bot commented Jan 16, 2026
edited
Loading

Deploy Preview for vcluster-docs-site ready!

Name Link
🔨 Latest commit e983de5
🔍 Latest deploy log https://app.netlify.com/projects/vcluster-docs-site/deploys/696a398d0cbd710008fd52cb
😎 Deploy Preview https://deploy-preview-1598--vcluster-docs-site.netlify.app/docs
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@Piotr1215 Piotr1215 requested a review from cbron January 16, 2026 12:59
@loft-bot
Copy link
Contributor

loft-bot commented Jan 16, 2026
edited
Loading

Claude finished @Piotr1215's task in 1m 11s —— View job

Review Complete

No issues found with the documentation changes. The PR makes appropriate security-focused improvements:

  1. Security warning added: The new warning admonition properly alerts readers about host cluster access permissions using appropriate styling
  2. Content streamlined: Removal of redundant "recommended" labeling and excessive explanation text improves clarity

The changes follow documentation style guidelines and maintain consistency with existing patterns.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 16, 2026

DOC-1161: Update access key page to better explain security model

@Piotr1215 Piotr1215 added this to the v0.31 milestone Jan 16, 2026
@Piotr1215
docs: clarify security model for access keys and host cluster access
e983de5 
Shared access keys can read/list/delete all virtual clusters on the host,
increasing attack surface if exposed. Removes "Recommended" label since
dedicated keys with granular scope are safer for most deployments.

Host cluster access grants broad permissions to platform resources and all
virtual clusters. Adds warning so administrators understand that only
privileged users should have direct host cluster access. Unprivileged users
should connect to virtual clusters directly.
@Piotr1215 Piotr1215 force-pushed the doc-1161/access-key-security branch from 7b31f15 to e983de5 Compare January 16, 2026 13:13
@Piotr1215 Piotr1215 merged commit 6c01cdf into main Jan 28, 2026
9 checks passed
@Piotr1215 Piotr1215 deleted the doc-1161/access-key-security branch January 28, 2026 13:24
Piotr1215 added a commit that referenced this pull request Jan 28, 2026
@Piotr1215
docs: clarify security model for access keys and host cluster access (#…
62cc71c 
…1598)

Shared access keys can read/list/delete all virtual clusters on the host,
increasing attack surface if exposed. Removes "Recommended" label since
dedicated keys with granular scope are safer for most deployments.

Host cluster access grants broad permissions to platform resources and all
virtual clusters. Adds warning so administrators understand that only
privileged users should have direct host cluster access. Unprivileged users
should connect to virtual clusters directly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cbron cbron Awaiting requested review from cbron

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v0.31

Development

Successfully merging this pull request may close these issues.

3 participants

@Piotr1215 @loft-bot