Due to the nature of the templates, most likely in the JSON of each template the user will want to have some passwords, tokens or similar. This produces multiple issues:
those who will hack the DIDroom dashboard, will read the secrets
for the templates that are public, other registered users can read the secret
replace all the values in the json with ".....": bad because that requires considerable manual work for the user to fix
create a second data channel (similar to Zenroom's "keys" and "data") where the above happens.
warn the user not store any secret data, with some scary copy or with a blocking pop-up requiring the user to accept before the JSON can be edited (currently the preferred way).
???
If the 3. way is chosen, we must help the user to enter the secret data into the deployment of the microservices.
If the 1. or 2. way is chosen, we can provide an additional tool/dialog to enter the secrets into the deployment (via cliroom?)
Due to the nature of the templates, most likely in the JSON of each template the user will want to have some passwords, tokens or similar. This produces multiple issues:
See screenshot: https://gyazo.com/f7149bc6bf16b42d652d5942b76480ee
Possible mitigations: