Skip to content

Enforce database permissions, data masking with Bytebase API and GitHub Actions.

Notifications You must be signed in to change notification settings

bytebase/database-security-github-actions-example

Repository files navigation

Database Security GitHub Actions Example

This directory demonstrates how to use Bytebase API and GitHub Actions to configure data security related features. You can refer this example to build a GitOps solution to codify all data security policies.

This example shows a typical directory structure:

  1. principal. Users, groups.
  2. iam. Roles, Query, and Export permission settings.
  3. masking. Dynamic data masking.

If you are familiar with Google Cloud Platform (GCP), you may notice the Bytebase model is quite familiar:

  1. GCP Project
  2. GCP IAM
  3. GCP Org policy

Fetch the access token with service account

To call the Bytebase API, you need to use the service account

Doc: https://www.bytebase.com/docs/api/authentication/

export bytebase_url=http://localhost:5678
bytebase_account="api@service.bytebase.com"
bytebase_password="bbs_QUYgvZaOsI2Hlal3a7k4"
bytebase_token=$(curl -v ${bytebase_url}/v1/auth/login \
    --data-raw '{"email":"'${bytebase_account}'","password":"'${bytebase_password}'","web":true}' \
    --compressed 2>&1 | grep token | grep -o 'access-token=[^;]*;' | grep -o '[^;]*' | sed 's/access-token=//g; s/;//g')
echo $bytebase_token

About

Enforce database permissions, data masking with Bytebase API and GitHub Actions.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published