User story #9792
closed
Cannot limit API Keys' permissions
Description
Managing systems with Rudder basically means giving an OOB-Agent complete access over all systems.
Currently there is a working access control for the users with a quite complex set of permissions one can get, so you can define roles and responsibilities.
OTOH there are almighty API Keys, which are only limited by the available functionality of the API itself; it cannot be used outside of systems that you put on the same security-level as the OS of Rudder itself (which is one of the highest).
This basically means you have to do a lot of extra setup if you want to ensure the same functional differentiation on the users that need to have access to anything that's backed by the API (like a CLI Tool).
A very ugly, hacky workaround is to limit functionality of the API on Apache level with restrictions to the URL, and probably also the source IP allowed to use it, but as the API grows, this will end up in a very unmaintainable set of rules.
So please think about how to introduce an access control for the API Keys, where you can limit them to specific actions/objects (maybe also source IPs?).