Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-12933

Charts embedding: "signature" vs "secret key"

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Charts
    • Labels:
      None

      Description

      On a page about creating Embedded Charts: (https://docs.mongodb.com/charts/onprem/data-sources/#enable-or-disable-embedding)

      Verified Signature only. This option requires embedded charts to include a secret embedding key with each request sent to the data source.

      I found this confusing, because if the client (the web browser) were sending the key, then the user would also be able to see the key, so it wouldn't be a secret.

      The linked page cleared it up for me: (https://docs.mongodb.com/charts/onprem/embedding-charts/#embedding-charts)

      The verified signature creates a payload by generating a HMAC from your embedding key, a timestamp, and identifying data from your chart.

      This makes more sense to me: the key stays secret, and stays on the server. Because only the server knows the key, nobody else can create a signature.

      So on that first page, I think "secret embedding key" should say "signature".

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

            Assignee:
            jeffrey.allen@mongodb.com Jeffrey Allen
            Reporter:
            david.percy@mongodb.com David Percy
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:
              4 years, 39 weeks ago