-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secrets Manager #427
Comments
Thanks! Opened this request for voting |
May I ask for an explanation? o.O I understand the idea - We want to not store secrets in plaintext inside the template
How is it more secure If we have a plaintext secret? ;o |
The secret exists only as Plaintext at at compile-time and outside of the IDE - the biggest benefit here is that it allows developers to quickly prototype an idea without having their secrets stored as part of the source code itself. The If you load up the Arduino IDE you can see an example of how they handle this problem |
Closing this issue as it has only received 1 vote despite being open for almost two years. |
Is your feature request related to a problem? Please describe.
Storing secrets in your source code is a known major security issue.
Describe the solution you'd like
Arduino has solved this problem in their web editor through the creation of a
Secrets
tab in the editor where those secrets are associated to the user and the project; and when a project is opened by a difference user, that association can not be made so the values in their secrets tab are empty and have to be filled in by them. In the code, a simple token replacement appears to be how it is implemented in the arduino cloud editor; anyplace a secret needs to be added in the code, it is referenced using the templateSECRET_YOUR_SECRET_NAME
and that value will be replaced by the secret string.For example:
If the
Secrets
tab contained the following secretPrior to compilation the template would go from this
to this
The text was updated successfully, but these errors were encountered: