Flow web app: expose unevaluated config files #517
Comments
rfratto
changed the title
This should be enough to guarantee all strings used for secrets get scrubbed correctly. If we want extra safety, we could also support some kind of If/when support for variables gets added in the future, we'd have to do a little more work to make sure a string doesn't get exposed, probably by doing some kind of analysis to see if a variable is ever passed to a secret-typed argument. |
|
@rfratto It would be great if there is a separate ticket for frontend and one for backend, so that we can note down any important description within the ticket without getting messy 😃 |
rfratto
changed the title
|
@xiyu95 Sure, I turned this into a high-level issue and split the issue up:
|
|
For API endpoints like this, would it be good to require extra authentication when calling the Agent API? If I understand correctly, at the moment there is no authentication. Especially for Agent Management there might be a benefit in seeing the full unredacted config file. |
It would be nice to have an endpoint which shows the unevaluated config file for all config blocks and components. This can be viewable in a single page (similar to Prometheus' config file endpoint), or we could also show the unevaluated config per-component when viewing a component-specific page.
However, doing this securely isn't simple: we'd still want to scrub any hard-coded strings which are passed to any attribute with a secret type.
#517
The text was updated successfully, but these errors were encountered: