For compliance purposes, we’re trying to log the initiating user for every PHI-related read, write, update, and delete. So if Kevin deletes 3 db records, we want to log who did it (Kevin).
This is easy in a web request context: we just log the current logged-in user.
It’s a bit harder in an `aptible ssh` context. For example, if Kevin opens a rails console with `aptible ssh rails console`, I’d love some way to tell the rails logging mechanism that the user who initiated this command was Kevin.
I’m wondering if anyone has any suggestions? I was hoping that maybe the `aptible ssh` command forwarded along an env variable or something I could use to determine which aptible user executed it, but no such luck.
Right now my best alternatives seem to be:
- Fork the aptible cli to provide the currently authed aptible user as an env variable through ssh and use that fork.
- Convince everyone with an aptible account at my company to run `aptible ssh bash -c "USERNAME=$(whoami) rails console"` instead of `aptible ssh rails console`
Neither are super elegant solutions, so I thought I’d ask here: does anyone have a good way to identify the current user from the context of an `aptible ssh` session?
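
An added example, not part of the original post and not Aptible or Rails code: one way the receiving side of the second option could consume the `USERNAME` variable, failing closed when it is absent and rejecting values that could forge log lines. `ConsoleActor`, `AuditLog`, the `aptible-ssh-console` source label and the sample values are hypothetical names constructed for illustration.

```ruby
require "json"
require "logger"
require "stringio"
require "time"

# Hypothetical helper (not part of Rails or the Aptible CLI): resolves the
# initiating user for audit logging in a console session started with
#   aptible ssh bash -c "USERNAME=$(whoami) rails console"
module ConsoleActor
  class MissingActor < StandardError; end

  # Conservative allow-list so the value cannot inject newlines or JSON
  # fragments into the audit log.
  VALID = /\A[A-Za-z0-9._@-]{1,64}\z/

  # env is injectable for testing; defaults to the process environment.
  def self.resolve(env = ENV)
    raw = env["USERNAME"].to_s.strip
    raise MissingActor, "USERNAME not set; refusing to run unattributed" if raw.empty?
    raise MissingActor, "USERNAME contains unexpected characters" unless VALID.match?(raw)
    raw
  end
end

# Writes one JSON line per PHI read/write/update/delete.
class AuditLog
  def initialize(io, actor:, source:)
    @logger = Logger.new(io)
    @logger.formatter = ->(_sev, _time, _prog, msg) { "#{msg}\n" }
    @actor = actor
    @source = source
  end

  def record(action, model, id)
    entry = { at: Time.now.utc.iso8601, actor: @actor, source: @source,
              action: action, model: model, id: id }
    @logger.info(JSON.generate(entry))
    entry
  end
end

# Constructed sample: the environment a console would see for Kevin.
def demo_entry(env = { "USERNAME" => "kevin" })
  out = StringIO.new
  log = AuditLog.new(out, actor: ConsoleActor.resolve(env), source: "aptible-ssh-console")
  log.record("delete", "Record", 3)
  JSON.parse(out.string)
end
```

Because `$(whoami)` sits inside double quotes, it is expanded by the local shell before the command is sent, so the value is the operator's local account name as they report it, not an identity authenticated by Aptible.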