Allow secrets in Header.authorization_basic
and Header.authorization_bearer
#8739
Labels
-libs
Libraries: New libraries to be implemented
We do allow Secrets in our 'plain' headers, like
Header.new "Name" secret_value
, but currently the two helper methods used for authorization where secrets would be most useful do not accept them.This is due to the fact that to construct the actual header payload, these two helpers need to append a 'non-secret' prefix to the secret value or even perform a Base64 encoding of the transformed value, and such manipulations of secrets were not currently supported.
We probably need to implement a simple set of operations that can be performed on secrets. We should not allow performing arbitrary Enso operations on secret values, as that would be a too easy way to leak the actual values. Instead, we may need to create some simple DSL for derived secrets, i.e.:
using that, we could allow such derived values to be used and then computed on the Java side.
The text was updated successfully, but these errors were encountered: