{"html_url": "https://github.com/simonw/datasette/issues/950#issuecomment-680262437", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/950", "id": 680262437, "node_id": "MDEyOklzc3VlQ29tbWVudDY4MDI2MjQzNw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-08-25T20:49:24Z", "updated_at": "2020-08-25T20:49:24Z", "author_association": "OWNER", "body": "The alternative to this would be to use regalur databases and control access to them using [Authentication and permissions](https://docs.datasette.io/en/stable/authentication.html). My concern there is that it's just too easy for someone to mess up their configuration, which would be really bad. I like the idea of a much stronger defense mechanism specifically designed for secrets that should not be exposed.\r\n\r\nOutside of secrets, passwords and tokens this mechanism could also be useful for the use-case of using Datasette to power websites - as seen on https://www.niche-museums.com/ and https://www.rockybeaches.com/ - maybe those sites don't want to expose their data through their API but still want to use `datasette-template-sql` and the `graphql()` template tag in `datasette-graphql` to render data.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 685806511, "label": "Private/secret databases: database files that are only visible to plugins"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/950#issuecomment-680263427", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/950", "id": 680263427, "node_id": "MDEyOklzc3VlQ29tbWVudDY4MDI2MzQyNw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-08-25T20:51:30Z", "updated_at": "2020-08-25T20:52:13Z", "author_association": "OWNER", "body": "`datasette-graphql` currently dispatches requests through the `TableView` class, so if that couldn't access private databases then it would not be able to either. See also the concept for `datasette.get(...)` as an internal API in #943 - that might need to have a mechanism for also being able to query private databases, maybe `datasette.get(path, allow_private=True)`.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 685806511, "label": "Private/secret databases: database files that are only visible to plugins"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/950#issuecomment-680263999", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/950", "id": 680263999, "node_id": "MDEyOklzc3VlQ29tbWVudDY4MDI2Mzk5OQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-08-25T20:52:47Z", "updated_at": "2020-08-25T20:52:47Z", "author_association": "OWNER", "body": "Naming challenge: secret databases or private databases?\r\n\r\nI prefer private. But `datasette -p` is already taken by `--port`. `datasette -s` is currently available.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 685806511, "label": "Private/secret databases: database files that are only visible to plugins"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/950#issuecomment-680264202", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/950", "id": 680264202, "node_id": "MDEyOklzc3VlQ29tbWVudDY4MDI2NDIwMg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-08-25T20:53:13Z", "updated_at": "2020-08-25T20:53:13Z", "author_association": "OWNER", "body": "Forcing people to spell out `datasette github.db --private private.db` isn't terrible though.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 685806511, "label": "Private/secret databases: database files that are only visible to plugins"}, "performed_via_github_app": null}