Closed dewan-ahmed closed 10 months ago
e.g. [not a real token]
eyJhbGciOiJSUzI1NiIsImtpZCI6Iks5OGJ6U0pLeXMzMDJnUWhfc0s4OEU4MktrYWZhbGZ4aWlsUXNxNDNkU2sifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJnaXRuZXNzLWFkbWluLXNlY3JldCIsImt1YmVybmVbnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJnaXRuZXNzLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYzhmZjFiNDQtNWIzNi00NWYwLWEwMTAtOTJhOWZhMjQ5Mjg5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmdpdG5lc3MtYWRtaW4ifQ.MF0kCuCvJLff4AJ320kuRlOmRRMxiO70qlLng9ehKPRPUl0VoqIw9aN7OUTS8pKeSYG44p4xTGnjdR088rl_jApsOSAHWnPqkezT-g-NMp6ADI9ckchwlNwLbkrbR0u8Fkn9BG3ccRTEyMopPd0vcKGJE6ARYnOuuvw8793hOhig8EStlr-WOsVqoWJVqfelO90oonampHNoBDH4ofa0YBXoYVIGoonoHczyiM-578mWNzWWn2Q2JIgfI4H8-MkaWvhhc_JGQ0A9D76Hkxf6jDSPMg
another example [not a real cert]
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Isn't it the same on the backend? A multi-line secret is stored the same way, correct? This can probably be solved by just changing the UI from an input into a text area.
Hey folks, the reason a text input was used is that textareas do not support the password "type".
i.e. text inputs offer out-of-the-box input masking, textareas do not.
But I agree that a text area makes more sense in this context.
There are a few Stack Overflow articles about this issue, e.g. https://stackoverflow.com/questions/57737912/css-to-make-a-text-field-look-like-password-field
Please do not be tempted to use something like https://developer.mozilla.org/en-US/docs/Web/CSS/-webkit-text-security - it is not standard.
We may need to use JS to mask the input, but I am open to other suggestions :)
You can base64-encode your certificates... or, even better, use a vault (Hashi?).
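The base64 workaround suggested above has one trap worth seeing end to end: a plain `base64` call wraps its output at 76 columns on most systems, so a "single-line" secret built that way is multi-line again. The script below is an added example, not code from this thread or from the Gitness project; the PEM it uses is a constructed, non-functional placeholder, and the function names (`encode_secret`, `decode_secret`, `is_single_line`, `write_ca_file`) are this example's own. It encodes a multi-line value to exactly one line, decodes it the way a pipeline step would, checks the round trip with a digest instead of eyeballing the PEM, and writes the CA to a file with tight permissions.

```shell
#!/usr/bin/env sh
# Added example (not from the thread or the Gitness project): round-trip a
# multi-line PEM value through a single-line base64 string so it survives a
# secret store or pipeline that only handles one-line values.
set -eu

# Constructed, non-functional PEM-shaped sample so the script runs offline.
# This is NOT a real certificate.
SAMPLE_PEM='-----BEGIN CERTIFICATE-----
MIIBszCCAVkCFDummyPlaceholderCertificateBodyNotRealAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END CERTIFICATE-----'

# A literal newline, used for pattern matching below.
NL='
'

# Encode a multi-line value as ONE line. Plain `base64` wraps at 76 columns
# on most systems, which would reintroduce line breaks, so strip every
# newline from its output (portable alternative to GNU `base64 -w0`).
encode_secret() {
    printf '%s\n' "$1" | base64 | tr -d '\n'
}

# Decode inside the pipeline step. `base64 -d` ignores embedded newlines,
# so this also copes with a store that re-wrapped the value.
decode_secret() {
    printf '%s' "$1" | base64 -d
}

# A value destined for a single-line secret must contain no newline at all.
# Returns 0 (true) when the value is a single line, 1 otherwise.
is_single_line() {
    case "$1" in
        *"$NL"*) return 1 ;;
        *) return 0 ;;
    esac
}

# Digest of a value (coreutils sha256sum), for a round-trip check that does
# not depend on reading the PEM by eye.
digest() {
    printf '%s\n' "$1" | sha256sum | cut -d' ' -f1
}

# Write the decoded CA where kubectl/curl can read it, owner-only permissions,
# instead of pasting the PEM onto a command line where it lands in shell
# history and process listings. Prints the byte count written.
write_ca_file() {
    ( umask 077; printf '%s\n' "$1" > "$2" )
    wc -c < "$2" | tr -d ' '
}

# --- Demonstration: what the pipeline author does, then what the step does.
ENCODED=$(encode_secret "$SAMPLE_PEM")   # value you store in the secret
DECODED=$(decode_secret "$ENCODED")      # value the step reconstructs

is_single_line "$ENCODED" || { echo "encoded value still contains newlines" >&2; exit 1; }
[ "$(digest "$SAMPLE_PEM")" = "$(digest "$DECODED")" ] || { echo "round-trip mismatch" >&2; exit 1; }

CA_FILE=$(mktemp)
BYTES=$(write_ca_file "$DECODED" "$CA_FILE")
echo "encoded length: ${#ENCODED} chars on one line; wrote $BYTES bytes to $CA_FILE"
rm -f "$CA_FILE"
```

In a pipeline step the only two lines you need are the decode and the file write: `printf '%s' "$CA_B64" | base64 -d > ca.crt` under a restrictive `umask`, then pass `--certificate-authority=ca.crt` (or the tool's equivalent) rather than the inline PEM. Tokens are single-line already and do not need the encoding step; the digest comparison is worth keeping in a pre-flight check whenever a secret crosses a boundary that may rewrap or trim whitespace.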
My preference would be to use a password font to mask the text area. Here is some prior art: https://stackoverflow.com/questions/22457344/masking-input-characters-without-type-password#22457652 https://github.com/csesoc/ARGS/blob/master/site/assets/font/fa-password.css
```css
/* A font whose every glyph renders as a bullet; applying it to the
   textarea masks the characters while the real text stays in the DOM. */
@font-face {
  font-family: 'password';
  font-style: normal;
  font-weight: 400;
  src: url(https://jsbin-user-assets.s3.amazonaws.com/rafaelcastrocouto/password.ttf);
}

/* !important so the page's own textarea styling cannot unmask the value. */
textarea {
  font-family: "password" !important;
  width: 250px;
  font-weight: normal;
  font-style: normal;
}
```
@bradrydzewski that approach looks like this
Not too bad, but it does mean relying on a font we can't necessarily trust. What are your thoughts @tan-nhu?
Another alternative is to blur the input like this?
This approach is just CSS, no new fonts.
Let's use the password font and vendor it in our repository so that we aren't pulling from a third-party link. Keep in mind that Drone uses an unmasked textarea, so a password font will be a nice improvement. But if we need to start with an unmasked textarea to unblock this issue as a short-term fix, I am also OK with that.
Cool, I have a PR up now :)
This should be fixed now as per this commit - https://github.com/harness/gitness/commit/e61eea74a7fb4993c013b7f6d7e6c7637e666acd
I will close this issue :)
Does the Gitness secret support storing multi-line values (like CA certificates)? If not, is there a plan to do so? I'm working with a K8s deployment and was passing a token and a CA cert from a Gitness secret, but the formatting of these breaks when they are passed to the pipeline.