Hide enroll secret by default

[GuillaumeRoss]

Goal

As a user taking a screenshot of the Hosts > Add Hosts modal, I want Fleet to save me from accidentally sharing my enroll secret publicly.

Figma

TODO

[noahtalerman]

@GuillaumeRoss we decided to deprioritize this improvement.

Reasoning:

• While it's risky to expose our enroll secret in demos and blog posts, we don't want to sacrifice the user's experience to lessen this risk.
• Soon we'll introduce the ability to download installers. We don't want to invest more time in thinking through how we can lessen the risk and maintain a good experience.

In the current experience, the user can see the entire command (realize that it's a bash command they have to run in the terminal) and copy the exact command they see.

One solution is to cover only the enroll secret in the fleetctl package command. This makes the experience of copying the command awkward. As a user I might think the masked characters (•) are included in what I copy. Do I have to replace them?

There are other ways to solve this^. However, we've decided to not prioritize thinking about how we can accomplish this.

Please let me know if you have any concerns.

[noahtalerman]

@RachelElysia @fx5 FYI this issue tracks the request you brought to product office hours on 2022-09-29.

[noahtalerman]

@RachelElysia @fx5 heads up, we're going to deprioritize this. The reasoning is the same as in the above comment plus one additional point:

• We want to prioritize #7765 and #7726 because these OKRs are important to the success of the business. They add more value to the paid product and expand our addressable market respectively.

[noahtalerman]

cc @mikermcneil. I'm notifying you because this has been deprioritized.