Hi everyone,
So this has been an issue for me since Integromat and it still persists (I think).
Secrets like Connections and Keys created within a team are visible to all users within that team with at least Restricted Team Member
role in that team. This poses a major threat to privacy IMO. The strength of Make is in the ease of creating connections and integrations if you are not a seasoned API programmer. People will mostly use their own credentials or API keys to create those connections (very often you won’t even have a choice when a SaaS tool doesn’t provide a way to create company managed API keys or Oauth integrations). When this happens everyone in the team can e.g list someone’s Google Drive files or even remove them.
What would work here would be probably assigning ownership of secrets to users who create them as well as allowing them to decide who can use those secrets and how.
Maybe there is a way around that which I haven’t figured out. I’d be grateful for suggestions.
Cheers,
Arek