Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure keychain/ASM/1P secret values are obfuscated with a comment #1889

Closed
alecthomas opened this issue Jun 27, 2024 · 1 comment · Fixed by #1916
Closed

Ensure keychain/ASM/1P secret values are obfuscated with a comment #1889

alecthomas opened this issue Jun 27, 2024 · 1 comment · Fixed by #1916
Assignees
@matt2e

Comments

@alecthomas
Copy link
Collaborator

Something that has occurred multiple times now is that users manually modify and/or create secrets in a format that can't be read by FTL (ie. not JSON). This is not surprising, as the values are relatively human readable, eg. a password might be "Deau34dWKWLCMWE8ymCN", however if the human edited value isn't JSON encoded correctly, FTL will fail to decode it.

I think we should add a comment to values, and obfuscate them so it's not trivial to edit them. eg. the above might be:

# This secret is managed by "ftl secret set", DO NOT MODIFY
IkRlYXUzNGRXS1dMQ01XRTh5bUNOIg==

Ideally this would not be per-provider, but generically applied. This might be fairly straightforward, if the resolver does this encoding, and the providers just store/retrieve the raw bytes.
@alecthomas alecthomas added the next Work that will be be picked up next label Jun 27, 2024
@github-actions github-actions bot added triage Issue needs triaging and removed triage Issue needs triaging labels Jun 27, 2024
@ftl-robot ftl-robot mentioned this issue Jun 27, 2024
Open
@gak
Copy link
Contributor

gak commented Jun 27, 2024

Similar: #1772

@matt2e matt2e self-assigned this Jul 1, 2024
@github-actions github-actions bot removed the next Work that will be be picked up next label Jul 1, 2024
This was referenced Jul 1, 2024
Merged
Closed
@matt2e matt2e closed this as completed in 0e17f9f Jul 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@matt2e matt2e

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: obfuscate secrets to avoid tampering block/ftl
3 participants
@gak @alecthomas @matt2e