Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow secrets in Header.authorization_basic and Header.authorization_bearer #8739

Closed
radeusgd opened this issue Jan 11, 2024 · 1 comment · Fixed by #8761
Closed

Allow secrets in Header.authorization_basic and Header.authorization_bearer #8739

radeusgd opened this issue Jan 11, 2024 · 1 comment · Fixed by #8761
Assignees
@radeusgd
Labels
-libs Libraries: New libraries to be implemented

Comments

@radeusgd
Copy link
Member

radeusgd commented Jan 11, 2024
edited
Loading

We do allow Secrets in our 'plain' headers, like Header.new "Name" secret_value, but currently the two helper methods used for authorization where secrets would be most useful do not accept them.

This is due to the fact that to construct the actual header payload, these two helpers need to append a 'non-secret' prefix to the secret value or even perform a Base64 encoding of the transformed value, and such manipulations of secrets were not currently supported.

We probably need to implement a simple set of operations that can be performed on secrets. We should not allow performing arbitrary Enso operations on secret values, as that would be a too easy way to leak the actual values. Instead, we may need to create some simple DSL for derived secrets, i.e.:

type Derived_Enso_Secret
    Constant txt:Text
    Secret secret:Enso_Secret
    Concat lhs:Derived_Enso_Secret rhs:Derived_Enso_Secret
    Base_64_Encode value:Derived_Enso_Secret

using that, we could allow such derived values to be used and then computed on the Java side.
@radeusgd radeusgd added the -libs Libraries: New libraries to be implemented label Jan 11, 2024
@radeusgd radeusgd self-assigned this Jan 11, 2024
@enso-bot
Copy link

enso-bot bot commented Jan 15, 2024

Radosław Waśko reports a new STANDUP for the provided date (2024-01-12):

Progress: Implemented Derived_Secret_Value to allow using secrets in Header.authorization_{basic|bearer}. Implemented local binding propagation in type PoC + a prototype for checking function argument types. It should be finished by 2024-01-16.

Next Day: Next day I will be working on the #8722 task. Allow secrets in AWS_Credential

@radeusgd radeusgd mentioned this issue Jan 15, 2024
Merged
5 tasks
@radeusgd radeusgd linked a pull request Jan 15, 2024 that will close this issue
Allow secrets in Header.authorization_* #8761
Merged
5 tasks
@mergify mergify bot closed this as completed in #8761 Jan 18, 2024
mergify bot pushed a commit that referenced this issue Jan 18, 2024
@radeusgd
Allow secrets in Header.authorization_* (#8761)
14be36c 
- Closes #8739
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@radeusgd radeusgd

Labels
-libs Libraries: New libraries to be implemented
Projects
Issues Board
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow secrets in Header.authorization_* enso-org/enso
1 participant
@radeusgd