This is helpful, thank you. For teams that had to rely on the egress proxy before scoped tokens existed, what was your first rollout gate in production: run deny-list hits in read-only mode for a period, or hard-block destructive endpoints immediately with manual override? I'm trying to avoid the 'proxy exists but nobody trusts it' failure mode.
Hard-block from day one, but only on a deny-list short enough to defend in a hallway: the three or four genuinely irreversible mutations. Shadow-mode the rest and review hits weekly to grow the list from data. The "nobody trusts it" failure mode usually isn't the deny-list; it's the override path. If breaking glass means paging security, people route around the proxy. If it's a Slack approval that returns in under a minute, they use it and the proxy earns standing.
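The two-tier gate described in the reply above, sketched as an added example that is not part of the original thread or any participant's code: a short enforced deny-list, a shadow list that only counts hits for the weekly review, and a scoped, expiring override. The endpoint prefixes, caller names, the 15-minute TTL and the `Gate` class are all assumptions made up for illustration.

```python
import time
from collections import Counter
from dataclasses import dataclass, field

# Constructed rules (HTTP method, path prefix); hypothetical, not from the thread.
ENFORCE = {("DELETE", "/v1/databases/"), ("DELETE", "/v1/buckets/"),
           ("POST", "/v1/keys/rotate-root")}
SHADOW = {("DELETE", "/v1/"), ("PUT", "/v1/iam/"), ("POST", "/v1/billing/")}

@dataclass
class Gate:
    overrides: dict = field(default_factory=dict)      # (caller, rule) -> expiry epoch
    shadow_hits: Counter = field(default_factory=Counter)

    @staticmethod
    def _match(rules, method, path):
        # Longest matching prefix wins, so a hit is attributed to the most specific rule.
        hits = [r for r in rules if r[0] == method and path.startswith(r[1])]
        return max(hits, key=lambda r: len(r[1]), default=None)

    def approve(self, caller, rule, ttl_s=900, now=None):
        """Record a break-glass approval, scoped to one caller and one rule."""
        start = now if now is not None else time.time()
        self.overrides[(caller, rule)] = start + ttl_s

    def decide(self, caller, method, path, now=None):
        now = now if now is not None else time.time()
        rule = self._match(ENFORCE, method, path)
        if rule:
            # Enforced tier: blocked unless an unexpired override exists.
            if self.overrides.get((caller, rule), 0) > now:
                return "allow-override"
            return "block"
        rule = self._match(SHADOW, method, path)
        if rule:
            self.shadow_hits[rule] += 1                 # counted only; request passes
            return "allow-shadow"
        return "allow"

    def weekly_review(self, min_hits=1):
        """Shadow rules ordered by hit count: candidates for promotion to ENFORCE."""
        return [(r, n) for r, n in self.shadow_hits.most_common() if n >= min_hits]
```

Because an override is keyed on both caller and rule and expires on its own, an approval for one deletion does not become a standing bypass of the proxy.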