Sets NoEchooption on Datadog API key and app key parameters to true in AWS templates, so the values of these secrets are not visible in plaintext in the Cloudformation UI.
Motivation
It's a security risk to have these otherwise secret API and app key values exposed in the AWS UI. These values are treated as secret in the Datadog UI, so they should be treated as secret elsewhere in users' stacks.
Testing Guidelines
I deployed the stacks from the updated template and confirmed that the values were obfuscated.
Before:
Note: Please remember to review the contribution guidelines if you have not yet done so.
What does this PR do?
Sets
NoEcho
option on Datadog API key and app key parameters totrue
in AWS templates, so the values of these secrets are not visible in plaintext in the Cloudformation UI.Motivation
It's a security risk to have these otherwise secret API and app key values exposed in the AWS UI. These values are treated as secret in the Datadog UI, so they should be treated as secret elsewhere in users' stacks.
Testing Guidelines
I deployed the stacks from the updated template and confirmed that the values were obfuscated. Before:![image](https://github.com/DataDog/cloudformation-template/assets/5915468/36de7eff-370f-4321-b2cd-8598138d9e8c)
After:
Additional Notes
Anything else we should know when reviewing?