[DOCS-12933] Charts embedding: "signature" vs "secret key" Created: 31/Jul/19  Updated: 31/Jul/19  Resolved: 31/Jul/19

Status: Closed
Project: Documentation
Component/s: Charts
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: David Percy Assignee: Jeffrey Allen
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 4 years, 28 weeks ago

 Description   

Description

On a page about creating Embedded Charts: (https://docs.mongodb.com/charts/onprem/data-sources/#enable-or-disable-embedding)

Verified Signature only. This option requires embedded charts to include a secret embedding key with each request sent to the data source.

I found this confusing, because if the client (the web browser) were sending the key, then the user would also be able to see the key, so it wouldn't be a secret.

The linked page cleared it up for me: (https://docs.mongodb.com/charts/onprem/embedding-charts/#embedding-charts)

The verified signature creates a payload by generating a HMAC from your embedding key, a timestamp, and identifying data from your chart.

This makes more sense to me: the key stays secret, and stays on the server. Because only the server knows the key, nobody else can create a signature.

So on that first page, I think "secret embedding key" should say "signature".

Scope of changes

Impact to Other Docs

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)



 Comments   
Comment by Jeffrey Allen [ 31/Jul/19 ]

Duplicate of DOCSP-6409

Generated at Thu Feb 08 08:06:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.