As Slack webhooks are considered secret, they shouldn't be specified on the command line, as they could be logged in the shell history, for example.
To remedy this, permit the --slack-webhook-url and --slack-error-webhook-url to be provided via environment variables which click is able to read in during execution.
The additional benefit here is that because of environment variables being used we can, for example, use Ansible's community.docker.docker_container's env_file option to specify a file containing all the secret environment variables (e.g., these webhooks, and the Google OAuth2 ClientID/Secret), which themselves can be populated by an approved secrets management solution.
As Slack webhooks are considered secret, they shouldn't be specified on the command line, as they could be logged in the shell history, for example.
To remedy this, permit the
--slack-webhook-urland--slack-error-webhook-urlto be provided via environment variables whichclickis able to read in during execution.The additional benefit here is that because of environment variables being used we can, for example, use Ansible's
community.docker.docker_container'senv_fileoption to specify a file containing all the secret environment variables (e.g., these webhooks, and the Google OAuth2 ClientID/Secret), which themselves can be populated by an approved secrets management solution.