Problem
- The current admin model relies primarily on a shared server master API
key (TRAQ_API_KEY).
- There is no named admin identity model, no admin login/session flow, and
no per-operator attribution.
Current posture
This is acceptable for controlled beta only if admin operations remain
operator-only and are run from trusted environments.
Field devices should never have the admin key.
Why this is a problem
A shared admin secret is too weak as the long-term remote admin model.
Compromise of the shared key compromises the admin surface.
There is no individual revocation or audit trail by operator identity.
Beta decision
For now, admin operations remain operator-only through traq-admin and
trusted operator environments.
Work needed
Define the long-term admin auth model for remote deployment.
Decide whether to use:
- Google-backed identity / IAP / OAuth
- named admin users with separate credentials
- another explicit admin auth layer
Acceptance criteria
The deployment model clearly distinguishes:
- device token auth for field devices
- operator-only admin access for beta
A follow-up design is chosen for long-term remote admin identity/auth.
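The following is an added example, not traq's own code, to make concrete the two points above: why a shared master key (the value of TRAQ_API_KEY) gives no per-operator revocation or attribution, and what it means for device token auth to be kept separate from admin access. The `AuthModel` class, the `demo()` walkthrough, and all sample values are constructed for illustration and do not reflect how traq or traq-admin are implemented.

```python
"""Added example, not traq's own code. It contrasts the beta posture the issue
describes (one shared master key, TRAQ_API_KEY) with named operator credentials
that give per-operator revocation and audit attribution, and keeps device token
auth separate from admin access. All names and sample values are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Stands in for the value of TRAQ_API_KEY; a constructed sample, not a real key.
SHARED_MASTER_KEY = "constructed-master-key"


def check_shared_key(presented: str) -> bool:
    """Current posture: any caller holding the shared key is 'the admin'.
    Constant-time compare, but the result carries no operator identity,
    so nothing can be attributed or revoked individually."""
    return hmac.compare_digest(presented, SHARED_MASTER_KEY)


def _digest(token: str) -> str:
    # Store only a hash of each credential so a registry dump does not leak tokens.
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class AuthModel:
    """Hypothetical long-term model: named operators plus device tokens,
    each in its own namespace with its own scope."""
    operators: dict = field(default_factory=dict)   # name -> credential digest
    revoked: set = field(default_factory=set)        # names revoked individually
    devices: dict = field(default_factory=dict)      # device id -> token digest
    audit_log: list = field(default_factory=list)    # per-operator attribution

    def enroll_operator(self, name: str) -> str:
        token = secrets.token_urlsafe(32)            # separate credential per operator
        self.operators[name] = _digest(token)
        return token

    def enroll_device(self, device_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self.devices[device_id] = _digest(token)
        return token

    def revoke_operator(self, name: str) -> None:
        # One operator can be cut off without rotating anyone else's credential.
        self.revoked.add(name)

    def _operator_ok(self, name: str, presented: str) -> bool:
        stored = self.operators.get(name)
        return (stored is not None and name not in self.revoked
                and hmac.compare_digest(stored, _digest(presented)))

    def device_ok(self, device_id: str, presented: str) -> bool:
        stored = self.devices.get(device_id)
        return stored is not None and hmac.compare_digest(stored, _digest(presented))

    def admin_action(self, name: str, presented: str, action: str) -> bool:
        """Admin surface: only named operator credentials are consulted.
        A device token presented here is simply an unknown operator and is
        refused, and every attempt is logged against the claimed identity."""
        allowed = self._operator_ok(name, presented)
        self.audit_log.append({"operator": name, "action": action, "allowed": allowed})
        return allowed


def demo() -> dict:
    """Walk through enrolment, an allowed action, revocation, and a device token
    trying the admin surface; returns the outcomes for inspection."""
    model = AuthModel()
    alice_token = model.enroll_operator("alice")
    device_token = model.enroll_device("device-001")
    results = {
        "shared_key_ok": check_shared_key(SHARED_MASTER_KEY),
        "alice_before_revoke": model.admin_action("alice", alice_token, "rotate-key"),
        "device_on_admin_surface": model.admin_action("device-001", device_token, "rotate-key"),
        "device_on_device_surface": model.device_ok("device-001", device_token),
    }
    model.revoke_operator("alice")
    results["alice_after_revoke"] = model.admin_action("alice", alice_token, "rotate-key")
    results["audit_entries"] = len(model.audit_log)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The contrast to notice is that `check_shared_key` can only answer yes or no, while `AuthModel.admin_action` records who asked, and `revoke_operator` cuts off one operator without touching the credentials of anyone else or of any field device. Whichever option in "Work needed" is chosen (IAP/OAuth, named users, or another layer), it needs to supply those same two properties: an identity per operator and revocation per identity.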