Secrets Manager #427

Closed
chrisisbeef opened this issue Sep 28, 2022 · 4 comments
Labels
enhancement New feature or request open for vote Vote at https://wokwi.com/features

Comments

@chrisisbeef

Is your feature request related to a problem? Please describe.
Storing secrets in your source code is a known major security issue.

Describe the solution you'd like
Arduino has solved this problem in their web editor through the creation of a Secrets tab in the editor where those secrets are associated to the user and the project; and when a project is opened by a different user, that association cannot be made so the values in their secrets tab are empty and have to be filled in by them. In the code, a simple token replacement appears to be how it is implemented in the Arduino cloud editor; anyplace a secret needs to be added in the code, it is referenced using the template SECRET_YOUR_SECRET_NAME and that value will be replaced by the secret string.

For example:
If the Secrets tab contained the following secret

SECRET_SSID: Wokwi-Guest

Prior to compilation the template would go from this

const char SSID[] = SECRET_SSID;

to this

const char SSID[] = "Wokwi-Guest";
@chrisisbeef chrisisbeef added the enhancement New feature or request label Sep 28, 2022
@urish urish added the open for vote Vote at https://wokwi.com/features label Sep 28, 2022
@urish
Contributor

urish commented Sep 28, 2022

Thanks! Opened this request for voting

@Cloufish

Cloufish commented Mar 10, 2023

May I ask for an explanation? o.O

I understand the idea - We want to not store secrets in plaintext inside the template
But @chrisisbeef described that:

Prior to compilation the template would go from this

const char SSID[] = SECRET_SSID;

to this

const char SSID[] = "Wokwi-Guest";

How is it more secure if we have a plaintext secret? ;o
Did you type it the other way around by mistake, @chrisisbeef?

@chrisisbeef
Author

How is it more secure if we have a plaintext secret? ;o Did you type it the other way around by mistake, @chrisisbeef?

The secret exists only as plaintext at compile-time and outside of the IDE - the biggest benefit here is that it allows developers to quickly prototype an idea without having their secrets stored as part of the source code itself. The SECRET_XXXXXX token would be replaced during preprocessing by the actual value of the stored secret from a vault built into the environment (there are a couple of different ways to actually implement this).

If you load up the Arduino IDE you can see an example of how they handle this problem
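
The pre-compilation token replacement discussed in this thread, as an added example that is not part of the original issue and is not Wokwi's or Arduino's code. The function names, the dict standing in for the per-user secrets store, and the sample values are assumptions.

```python
import re

# Whole-identifier match: SECRET_SSID must not match inside MY_SECRET_SSID.
TOKEN = re.compile(r"\bSECRET_[A-Z0-9_]+\b")


class MissingSecret(KeyError):
    """The sketch references a secret the current user has not filled in."""


def c_string_literal(value: str) -> str:
    """Encode value as a C string literal so it cannot break out of the quotes."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        if ch in '"\\?':              # '?' is escaped to rule out trigraphs
            out.append("\\" + ch)
        elif 0x20 <= byte < 0x7F:
            out.append(ch)
        else:                          # control and non-ASCII bytes
            out.append(f"\\{byte:03o}")  # 3-digit octal cannot absorb later digits
    return '"' + "".join(out) + '"'


def render(source: str, secrets: dict) -> str:
    """Return the compile-time copy of source with SECRET_* tokens replaced.

    Plain text substitution: tokens inside comments or string literals are
    replaced too. The result is meant for the compiler only and should not be
    written back into the saved or shared project.
    """
    missing = sorted(set(TOKEN.findall(source)) - set(secrets))
    if missing:
        raise MissingSecret(", ".join(missing))
    # A function replacement avoids re.sub's own backslash processing.
    return TOKEN.sub(lambda m: c_string_literal(secrets[m.group(0)]), source)


# Constructed sample input: the sketch as stored, and one user's secrets.
SKETCH = "const char SSID[] = SECRET_SSID;\nconst char PASS[] = SECRET_PASS;\n"
OWNER_SECRETS = {"SECRET_SSID": "Wokwi-Guest", "SECRET_PASS": 'p"ss\\word'}

if __name__ == "__main__":
    print(render(SKETCH, OWNER_SECRETS))
    try:
        render(SKETCH, {})  # project opened by a different user: nothing set
    except MissingSecret as err:
        print("cannot build, missing:", err)
```
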

@urish
Contributor

urish commented Jun 30, 2024

Closing this issue as it has only received 1 vote despite being open for almost two years.

@urish urish closed this as completed Jun 30, 2024