Hide other secrets in the UI behind a POST to reveal button

[robotdan]

Hide other secrets in the UI behind a POST to reveal button

Description

Similar to how we handle the HMAC secret, we could hide things like client secrets, or other tokens used in webhooks, LDAP or Generic connectors, or other IdPs. We could also treat them more like the SMTP password where you can never see it and you can only set it.

• [ ] FusionAuth Application client secret
• [ ] OpenID Connect IdP client secret
• [ ] Google IdP client secret
• [ ] Twitter IdP token secret
• [ ] Other IdPs
• [ ] Generic or LDAP connector creds
• [ ] Webhook or messenger creds
• [x] API key on the index page. Show n characters.
• [x] API key on the view dialog
• [ ] Entities view dialog

[jobannon]

It would be great to allow the hiding of sensitive information using a Secrets Master or similar and have aliases/variables that can be inserted into lambdas (for items such as API keys) in populate and reconcile lambdas.

[mooreds]

@jobannon see also https://github.com/FusionAuth/fusionauth-issues/issues/1629