Nikita Savchenko
Cloudflare Developers
•Created by Sia on 12/12/2023 in #workers-help
How do I define the KV_NAMESPACE?
17 replies
Cloudflare Developers
•Created by Nikita Savchenko on 10/26/2023 in #general-help
Security best practices for dev and prod API tokens for editing DNS for a single zone
The API call is deep down in the letsencrypt library and k8s Issuer controller, as per https://cert-manager.io/docs/configuration/acme/dns01/cloudflare/#api-tokens. I think I could do it manually, but it would be a huge engineering overhead.
8 replies
Cloudflare Developers
•Created by Nikita Savchenko on 10/26/2023 in #general-help
Security best practices for dev and prod API tokens for editing DNS for a single zone
It could work, but I need a cert for the wildcard domain; HTTP challenge doesn't allow issuing wildcard certs.
8 replies
Cloudflare Developers
•Created by Nikita Savchenko on 10/26/2023 in #general-help
Security best practices for dev and prod API tokens for editing DNS for a single zone
Enterprise? The pricing is all custom and based on the exact features you need, bandwidth, etc, my understanding is the amount of domains is just another small factor in it. You have Pro Zones, Business Zones, and Enterprise Accounts
Yea makes sense. But as mentioned, many can't start from enterprise, there should be another solution.
8 replies
Cloudflare Developers
•Created by Nikita Savchenko on 10/26/2023 in #general-help
Security best practices for dev and prod API tokens for editing DNS for a single zone
Thanks!
As for the Enterprise option, I can’t just buy the enterprise plan first and then start building a company with a comfortable dev subdomain. So no, this is not an option.
As for completely separating the dev domain from prod, this is indeed the only viable option I see as of now, but it comes with pitfalls in other 3p services we use. Also, another kind of question arises: for instance, even in that enterprise example, it seems that we’d have to apply the pro/business/enterprise plan twice, for dev and prod, if we wanted to use features from the enterprise plan in the future on dev. TL;DR: As Cloudflare’s pricing seems to be shaped around TLDs, we’d need to use the same for all our dev/test/dynamic/prod domains etc etc, or indeed one enterprise plan, but again, we can’t start from it.
Anyways, instead of making customers think hard, I have a feeling that just a single security feature is missing from Cloudflare's offerings (a bit more granular DNS permission control), seemingly needed by many: https://community.cloudflare.com/t/restrict-scope-api-tokens-to-a-subdomain/156702/17
For now it feels that we need to compromise on security until we’re finally on the enterprise plan.
8 replies