Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
fix: serialize secrets to json. #465
This change adds JSON serialization of secret types,
Related issue number
@@ Coverage Diff @@ ## master #465 +/- ## ===================================== Coverage 100% 100% ===================================== Files 14 14 Lines 2225 2230 +5 Branches 437 437 ===================================== + Hits 2225 2230 +5
The reason I made changes to the str function for both is that if we keep it as is, then we end up with these kinds of things as JSON output:
Where as with the modified str we would get something like this instead:
Please let me know what you think.
@samuelcolvin I've been thinking about how to deal with a situation such as this:
Which would result in:
If you need the inner 'object' to be provided for the configuration of another item, you have to kind of force it to fit by modifying the values in-place to be what you want. Like for instance in the above example, where you'd have to unsecret the secret items(manually turn everything into
Which is not especially useful, ideally we would be able to unsecret the entire dict recursively and then pass it on to classes or functions that need those items to be plain-text.
Do you have any thoughts on this?
See dangerouslySetInnerHTML in react.
See hazmat in cryptography.
The whole point is to make it somewhat involved to get the raw value.
If there's any point whatsoever in include
If people don't need it to be secret, they don't have to use it.
In fact in your example above, it's still not exactly complicated to generate the uri:
@samuelcolvin In the postgresql example, that would expose secrets if the conf object is printed out.
Anyway, that's not really related to this PR, just a couple of thoughts I was having.
Apr 11, 2019
4 of 7 checks passed
If you use the secret values then they may be visible in the context in which you use them, there's no way around that.
The only point in