Open
Description
Consider the use case of a central team needing to provide a credential to our team. We don't know who will provide the credential, but we do know our team will need to read it.
Add a permission on a secret to support secure dropbox functionality. The user story is:
- As a platform owner, I want to create a placeholder secret that is shared read/write with my own team.
- As a platform owner, I want to share the placeholder with a role group (for example, any authenticated user) and grant a special dropbox permission that grants write access.
- When a member of the group associated with the special dropbox permission writes a value to the placeholder, holos-console should:
  - A) Remove the grant to the role, e.g. authenticated.
  - B) Grant editor permission to the principal email who dropped the secret.
  - C) Set a configurable exp value for the principal who dropped the secret. Default to 7 days expiration in the future.
The goal is to allow any authenticated user to write a value to the placeholder, and as soon as they do they have edit access for 7 days, all other authenticated users are blocked, and my team can read and edit the secret.
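The write path requested in this issue, sketched as an added example; it is not holos-console code. The `Grant`, `Secret`, `Drop` and `Expired` names, the `"dropbox"` and `"editor"` permission strings, and the in-memory mutex (standing in for whatever atomic update the real store provides) are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

const DefaultDropTTL = 7 * 24 * time.Hour // the issue's default: 7 days
var ErrDenied = errors.New("permission denied")

// Grant is a hypothetical share entry: Subject is a role or a principal email.
type Grant struct {
	Subject, Permission string
	Exp                 time.Time // zero means no expiry
}

// Expired reports whether the grant has lapsed and must be ignored at time now.
func (g Grant) Expired(now time.Time) bool { return !g.Exp.IsZero() && !now.Before(g.Exp) }

type Secret struct {
	mu     sync.Mutex
	Value  string
	Grants []Grant
}

// Drop writes value if one of the caller's roles holds a "dropbox" grant, then
// (A) removes that grant, (B) grants the caller editor, (C) sets its expiry.
func (s *Secret) Drop(email string, roles map[string]bool, value string, now time.Time, ttl time.Duration) error {
	s.mu.Lock() // check and revoke under one lock so only the first writer wins
	defer s.mu.Unlock()
	if ttl <= 0 {
		ttl = DefaultDropTTL
	}
	for i, g := range s.Grants {
		if g.Permission == "dropbox" && roles[g.Subject] && !g.Expired(now) {
			s.Value = value
			s.Grants = append(s.Grants[:i], s.Grants[i+1:]...)
			s.Grants = append(s.Grants, Grant{email, "editor", now.Add(ttl)})
			return nil
		}
	}
	return ErrDenied
}

func main() {
	s := &Secret{Grants: []Grant{{"team", "editor", time.Time{}}, {"authenticated", "dropbox", time.Time{}}}}
	fmt.Println("drop:", s.Drop("alice@example.com", map[string]bool{"authenticated": true}, "constructed-value", time.Now(), 0))
}
```

The permission check, the value write and the grant rewrite happen in one critical section, so a second authenticated writer racing the first is denied instead of overwriting the dropped value.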