-
-
Notifications
You must be signed in to change notification settings - Fork 741
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use mask_secrets properly #2754
Conversation
* utility method in a base class that controllers can use to decide the value of mask_secrets. This utility uses query parameters to decide if secrets should be returned unmasked. * apikeys controller uses utility to decide
I'm personally not too opinionated about this - I think displaying a hash itself is fine since it's not a secret. |
@@ -64,3 +70,25 @@ def _get_query_param_value(self, request, param_name, param_type, default_value= | |||
value = transform_to_bool(value) | |||
|
|||
return value | |||
|
|||
def _get_mask_secrets(self, request): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
I was starting to question that assumption as well. Anyway, this is more or less a continuation of a previous decision so keeping with it until we conclude that |
Yeah, hash is by definition one-way so there should be no reason to hide it or treat is as a secret. Having said that, I'm also fine with doing it, but I guess it could confuse some users and make them thing like we use symmetric encryption or something instead of hash if we mask it... |
Keeping it as is for now. |
* master: send bastion parameter through to paramiko ssh client
Note :
--show-secrets
is not supported forst2 apikey get
. This feature is meant to enable token export.CLI
With and without
--show-secrets
Todo