managementApiSecret for demo servers


#1

Is it necessary to set the managementApiSecret in docker-compose.yml to secure a Prisma demo server? I’m trying to set up the managementApiSecret, but it doesn’t seem to be making a difference. I want to ensure that my demo server is secure.


#2

Hi @jordan.michael.last ,

Demo servers provide a free and shared environment among all Prisma Cloud users. Since they’re not deployed manually by any user, they can’t be secured them using the managementApiSecret.

You can however use the secret field in prisma.yml to secure your individual service but you can’t secure the whole Prisma server as it is shared.

If you want you can easily spin up a Heroku server for free from app.prisma.io and can do anything with it.

Hope this will help you :slightly_smiling_face:


#3

Thanks, that helps. This is not spelled out anywhere in the documentation, and I think this should be clearly explained. I understand that the demo servers shouldn’t be used for production, but the reasons mentioned have nothing to do with the data not being secured, only storage and rate limiting.


Change username and password for prisma demo server database
#4

Just to double-check, are you saying that the demo Prisma server is secured already, so that I don’t have to worry about it? If I secure my service, is that essentially enough?


#5

See my reply here: Change username and password for prisma demo server database