Question

Security for z.stashfile

  • 6 April 2023
  • 1 reply
  • 151 views

Userlevel 1

I’ve tried to google this but couldn’t find the proper documentation. 

https://platform.zapier.com/cli_docs/docs#dehydration

Successfully implemented - a sample of this code 

const content = 'Hello world!';
const url = await z.stashFile(content, content.length, 'hello.txt', 'text/plain');
z.console.log(url);
// https://zapier-dev-files.s3.amazonaws.com/cli-platform/f75e2819-05e2-41d0-b70e-9f8272f9eebf

You create a file thru CLI on your perform method and it returns an s3 link, you can download the file from there. Everybody happy.

 

My question is, who else has access to this file? Obviously, myself bec I have the link but other can do a scan on that s3 bucket as well. Can they access the file?  How long does this file live? Is there a flush method to delete this file ? What if the file have sensitive information? All security question that I would like to understand.  


1 reply

Userlevel 1

FYI, I got this from Zapier team. For those who need this info. 

 

‘After sharing with my team, they confirmed that the file is accessible to anyone with the URL. The file names use a randomized UUID token which helps to keep the file obscure and impossible to guess.

In our AWS, these files are automatically deleted every 7 days. These URLs aren't publicly published anywhere, so they can't be scrapped.

There isn't a flush method to remove the file, but you can reach out to our Premier support team, and we can remove it.’

Reply