Open TrevorPayne opened 2 years ago
As an alternative, we could write data back as Base64 encoded data - it's a start for (minor) obfusctation, but we would still ahve to know that we're writing back to something that was already tagged as a secret - so if we have that data, we should be able to save the original secret-linking object and this becomes a non-issue.
Is your feature request related to a problem? Please describe. When secrets are utilized in a device config for a reconfigurable device, saving the config file to a local config overwrites the secrets object with the data normally stored as a secret. This is a security concern.
Describe the solution you'd like Update the
CustomSetConfig
method in theReconfigurableDevice
class to compare the data within the correspondingDeviceConfig
object stored in theConfigReader
class, looping through its properties to find any object containing aSecretsPropertiesConfig
object and utilizing that object rather than the locally stored, retrieved Secret data to write to the local config. TheDeviceFactory.CheckForSecrets
method is a good prototype for determining how to loop through the config to find these objects.Describe alternatives you've considered This has to be handled in at least a similar method to this.