Open ptodev opened 1 year ago
I'm not sure about this one. Not all headers are secrets. They could be a map[string]rivertypes.OptionalSecret
though.
KeyFile
I don't think the file path which holds the key is a sensitive value.
Note that CAPem and CertPem are "secrets" in the Collector's equivalent of this config. I'm not sure why. I thought only private keys are considered secrets, and I thought certificates are generally not.
No, CA and cert are public keys, we don't need to treat them as sensitive.
Background
We currently store certain fields as strings, where they should probably be stored as secrets:
Proposal
We could store those strings as secrets, so that they are hidden in places like log files. This might be an overkill for things like headers, but even for them it would be good to just use secrets: