Hmm, not sure. I guess i lack web security knowledge. When are those keys used?
I'm assuming you mean for the clients, right?
Hi UnevenHorse85
As far as I understand, users use logins and passwords specified in config/apiserver.conf to access webserver UI and key/secret key from their local ~/clearml.conf to access apiserver.
Correct 🙂
access apiserver. What is the use of all other security keys
To be able to configure the SDK client (i.e. clearml package) from OS environment and not clearml.conf file
Thanks! It means all of these are redundant if I use clearml.conf?
UnevenHorse85 , these are used by the server when generating security tokens for the browser sessions, and tokens issued to the clients who identify using their credentials.
When are those keys used?
They are the default keys for internal access, basically just make up something, otherwise someoune could access the server with the default keys
I am referring to server-side setup from here https://clear.ml/docs/latest/docs/deploying_clearml/clearml_server_security#example-using-environment-variables
Oh I see, these are to secure your server (basically we recommend you replace the default key/secret 🙂 )
Make sense ?