Companies working with highly sensitive information require a data security screening processed before plugins like Tokens Studio can be approved for use. Our community members would like to see our data security information:
easily accessible from within the plugin
hyperlink to policies and documentation would suffice
sync provider information easily accessible from the plugin documentation for sync providers
customization of the plugin settings at an admin of an enterprise level to limit which sync options are available
Ex: a community member in banking did not have the plugin approved for use because the possibility of having personal access tokens stolen was ranked as too high of potential risk.
If they could configure to only show the "URL" sync option, it would have been a viable tool as the risk is much lower.
Today, our community members have to ask us for this information via Slack and pass it along to their team, which isn't a formal enough process for companies working in highly regulated industries.
The current sync features aren't secure enough for some industries to approve use of the plugin.
Where is sync or external storage provider information stored?
Provider information is stored client-side within Figma.
Repository name and file name are stored on the Figma document.
Personal access token is stored in the Figma users' client storage.
Is there other security-specific information you are looking for?
How does this issue impact your day-to-day workflow?
What workarounds do you have?
TBD â Jump to post
Please authenticate to join the conversation.
đĄ Requests
đĄ Plugin Feedback
đ Sync and token storage
8 months ago
Sam - Tokens Studio
Get notified by email when there are changes.
đĄ Requests
đĄ Plugin Feedback
đ Sync and token storage
8 months ago
Sam - Tokens Studio
Get notified by email when there are changes.