New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Config: new option -r redacts sensitive fields #1376
Conversation
- `config -r` will show 'REDACTED' instead of the actual value - Has a default list of field names that should be redacted (e.g., 'password') - Plugins can add redacted fields that they introduce
Nice! About 'key' and 'secret': no need for a regex, you could simply do |
- `add_redacted_fields(self, *field_names)` to use argument unpacking - foo =| bar instead of foo = foo | bar
Thanks for the review, @brunal ! Good suggestions, as always. About key, secret etc: I like the idea, but it would give false positives (e.g., duplicates plugin has a field 'keys'), so I think it'll be okay as it is. I'll add some docs a bit later. |
LGTM. Could you add tests in |
Thank you, @tomjaspers! This looks great. I'm going to make a few enhancements to the modularity of the redaction itself in |
Config: new option -r redacts sensitive fields Conflicts: beets/util/confit.py
OK, done. The API is now quite a bit different: rather than a hard-coded set of keys, you now mark individual views as redacted. Like this:
So it's possible I missed some things that were covered by the previous hard-coded list, but which I haven't yet found by searching the code. Please let me know if it seems like I left a gap. I also have one question of opinion: What do you think about making redaction the default? People would have to pass |
I think the main use-case for dumping the config is for sharing it elsewhere, so I'm all for making it the default redacted 👍 |
Great! Redaction is now the default. The flag |
I think this was brought up in some issues before, as it makes it easier for people to blanket copy/paste their configuration when posting issues, without worrying about spilling their keys.
This PR introduces the
config -r
(config --redacted
) flag, which does the same asconfig
, with the fields redacted, e.g.,['password', 'username', 'userid', 'apikey', apisecret', 'email']
).self.config.add_redacted_fields(['google_API_key', 'google_engine_ID'])
I was considering working with regex, matching 'secret', 'key', etc, but the above list seems to cover all the fields from the plugins listed in the official beets docs.