Allow marking all notifications as read with a single button
Sometimes you ignore notifications, and suddenly, you have a few dozens of them hanging. And there's no way to mark them all as read. The only way to get rid of the unread notifications is to go through each one of them. It would be awesome to have a button that allows to mark all notifications as read.
Night mode for Dashboard.
Really easy, but simple. On the dashboard, enable a switch so the user can switch to a black or dark grey background for evening work so it's a bit easier on the eyes.
Scoped API Access
When creating an API token, allow fine grained scoped control. An example use case is, when using LetsEncrypt to generate your certificates, you can perform a DNS challenge to authenticate control of the domain. This adds a TXT record to your domain, confirming you have access to that domain. You currently need to give your "god-mode" API token to do this using DigitalOcean. With scoped access, you could create an API token with "dns:modify" and that's all that API token would be allowed to do. This would reduce the attack surface if the API token gets leaked from your droplet.
Ask for password before issuing a destroy or rebuild
When destroy a droplet, system should ask to enter password to confirm before delete it for more safety. Since this is the most important decision.
Adding phishing proof passwordless authentication with #FIDO2/#WebAuthn and #U2F
Hey guys. I am Yuriy. An engineer from FIDO Alliance. You probably heard about us. We are the organisation behind U2F protocol that Google reported killed employee phishing: https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing . Our organisation have developed secure, seamless, phishing proof, passwordless authentication standard called FIDO2. Or some people may call it WebAuthn. WebAuthn is the JS API part in the browsers of the FIDO2, and it is supported by Chrome, Edge and Firefox. I was happy customer of yours for many years and I felt like you guys so great and innovative, that adding FIDO2 support to your multifactor authentication instead of TOTP would be a great idea, since TOTP is succeptable to phishing. We have a tutorial https://slides.com/fidoalliance/jan-2018-fido-seminar-webauthn-tutorial I wrote blog posts on attestation and assertion verification: https://medium.com/@herrjemand/verifying-fido2-responses-4691288c8770 We have a stories a good deployment stories: https://engineering.linecorp.com/en/blog/fido-at-line/ And we have a helpful and friendly community that will be able to help you if you stuck *) Regards. Yuriy
Team-member approval before certain action (like; destroy)
We would like to 'protect' certain Teams/Group, where for certain actions (like destroy a droplet) an approval of a second team member is needed before execution. Just like you now can 'force-2auth' to all users in a Team, you should be able to add 'force-4eyes' in a team. For example; an account or device is hacked of one of the team members, and is able to login to the DO dashboard. During this the hacked account is deleting/destoying droplets and their resources. Now, all the droplets and resources will be deleted immediatly, which results in a single point of faillure security risk.
Allowing users to set custom project icon
Hey why you guys didn't add the option to set custom images to project as it's going to help users to identify their project quicker instead of reading the project name.
Avatar for teams
User avatars are managed by Gravatar, but teams avatars can't be customized. Would be great to be able to upload them.
Display all issues in control panel
If an issue is affecting any of my services, a banner message should be displayed within the control panel. This should be the case for issues that affect whole regions (ie: what appears on status.digitalocean.com ), or only smaller groups of users (ie: temporary downtime on a single hypervisor node).
Object Graph Style interface of Resources
It would be nice to see a object graph style interface of all of your resources with filtering capabilities. Example, in a single interface you can see all of your droplets filtered by project. You can see which firewalls are connected to those droplets. The firewalls show up as separate objects with lines connecting them. You can see your load balancers with lines to those same droplets. Then you have a box that represents a VPC and those droplets appear in those boxes. Right now it is cumbersome to switch between these different interfaces, and retain a mental map of what is connected to what. This might not be the right solution but might be a good starting point: https://developer.squareup.com/blog/dependentree-graph-visualization-library/ Once the charting is working well, you could add context menus to objects that could allow you to execute actions like connecting, disconnecting. Maybe there is a view the opens up when you hover over an object that show's it's metadata or attributes. Like for a droplet, it shows resource usage and network addresses.