Securing Your Site
When you move to production, you will want to make sure you have taken all the steps possible to secure your site and the data that powers it. Lunar takes this very seriously and always do our best to follow industry practices.
If you find a security issue with Lunar, please reach out to us privately on Discord or via email firstname.lastname@example.org so we can address it and patch with a new release as soon as possible.
As a Laravel developer, we are sure you are well versed in their security practices and how to lock down your app. But, if you need a refresher here are some useful links:
Depending on which search driver you are using will depend on how you lock down the data that Lunar indexes in a production environment. To provide a rich search experience in the hub. We currently index the following models, which may contain sensitive information.
What is sensitive information?
We classify sensitive information as data that contains information about your customers or orders, whether identifiable or not. Information such as addresses, emails, names is likely to be indexed for use in the hub.
Index names are relative to the
SCOUT_PREFIX env variable.
|Contains Sensitive Information
In a production environment, you must set an API key to allow access to the search endpoints that Meilisearch provides. It is recommended to have two API keys, one to perform admin tasks such as indexing documents (read/write) and one solely for reading.
Using a service like Ploi
If you are using Ploi, which is a fantastic service for managing servers and deploying code, they offer the ability to spin up Meilisearch servers from their UI and they give you the ability to set different API keys with various restrictions. Perfect if you are not confident in doing the nitty-gritty server stuff yourself.
Algolia has a lot of security features out-of-the-box. They also have some extra steps you should take to lock things down even further. There is an article dedicated to the topic which you should read.