harness / gitness

Gitness is an Open Source developer platform with Source Control management, Continuous Integration and Continuous Delivery.
https://gitness.com
Apache License 2.0

Feature Request: storing multi-line values in Gitness secret #3400

Closed dewan-ahmed closed 10 months ago

dewan-ahmed commented 11 months ago

Does the Gitness secret support storing multi-line values (like CA certificates)? If not, is there a plan to do so? I'm working with a K8s deployment and was passing token and CA cert from Gitness secret. But the formatting of these breaks when being passed to the pipeline.

ravilach commented 11 months ago

e.g. [not a real token]

eyJhbGciOiJSUzI1NiIsImtpZCI6Iks5OGJ6U0pLeXMzMDJnUWhfc0s4OEU4MktrYWZhbGZ4aWlsUXNxNDNkU2sifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJnaXRuZXNzLWFkbWluLXNlY3JldCIsImt1YmVybmVbnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJnaXRuZXNzLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYzhmZjFiNDQtNWIzNi00NWYwLWEwMTAtOTJhOWZhMjQ5Mjg5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmdpdG5lc3MtYWRtaW4ifQ.MF0kCuCvJLff4AJ320kuRlOmRRMxiO70qlLng9ehKPRPUl0VoqIw9aN7OUTS8pKeSYG44p4xTGnjdR088rl_jApsOSAHWnPqkezT-g-NMp6ADI9ckchwlNwLbkrbR0u8Fkn9BG3ccRTEyMopPd0vcKGJE6ARYnOuuvw8793hOhig8EStlr-WOsVqoWJVqfelO90oonampHNoBDH4ofa0YBXoYVIGoonoHczyiM-578mWNzWWn2Q2JIgfI4H8-MkaWvhhc_JGQ0A9D76Hkxf6jDSPMg

dewan-ahmed commented 11 months ago

another example [not a real cert]

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

tan-nhu commented 11 months ago

Isn’t it the same on the backend? A multiple secret is stored the same, correct? This probably can be solved by just changing the UI from an input into a text area.

d1wilko commented 11 months ago

hey folks, the reason a text input was used is because text-areas do not support the password "type".

i.e. text inputs offer out of the box input masking, text-areas do not.

but I agree that a text area makes more sense in this context.

There are a few Stack Overflow articles about this issue, e.g. https://stackoverflow.com/questions/57737912/css-to-make-a-text-field-look-like-password-field

please do not be tempted to use something like https://developer.mozilla.org/en-US/docs/Web/CSS/-webkit-text-security - it is not standard

we may need to use js to mask the input, but I am open to other suggestions :)

mq2195 commented 11 months ago

You can base64 encode your certificates... or even better use a vault (hashi?).
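
The base64 approach suggested above, sketched as an added example that is not part of the thread or of Gitness's code: it stores a PEM as a single base64 line, validates the PEM framing on decode, and rebuilds a PEM whose newlines were lost in a single-line field. All function names are hypothetical, and the sample PEM is constructed filler, not a real certificate.

```javascript
// Added example, not Gitness code. All function names here are hypothetical.

// Check PEM framing: matching BEGIN/END labels, body lines of at most 64 base64 chars.
function validatePem(pem) {
  const m = /^-----BEGIN ([A-Z0-9 ]+)-----\n([\s\S]+?)\n-----END \1-----\n?$/.exec(pem);
  if (!m) throw new Error("PEM markers missing or newlines lost");
  for (const line of m[2].split("\n")) {
    if (!/^[A-Za-z0-9+\/]{1,64}={0,2}$/.test(line)) throw new Error("malformed PEM body line");
  }
  return m[1]; // the label, e.g. "CERTIFICATE"
}

// Encode a multi-line PEM as one base64 line that a single-line secret field cannot mangle.
function pemToSecret(pem) {
  const normalized = pem.replace(/\r\n?/g, "\n").trim() + "\n";
  validatePem(normalized);
  return Buffer.from(normalized, "utf8").toString("base64");
}

// Decode the stored secret in the pipeline and refuse anything that is not intact PEM.
function secretToPem(secret) {
  const compact = secret.replace(/\s+/g, "");
  if (compact.length % 4 !== 0 || !/^[A-Za-z0-9+\/]+={0,2}$/.test(compact)) {
    throw new Error("secret is not valid base64");
  }
  const pem = Buffer.from(compact, "base64").toString("utf8");
  validatePem(pem);
  return pem;
}

// Rebuild a PEM whose newlines were removed or collapsed to spaces by a single-line input.
function repairFlattenedPem(flat) {
  const m = /^\s*-----BEGIN ([A-Z0-9 ]+)-----\s*([A-Za-z0-9+\/=\s]+?)\s*-----END \1-----\s*$/.exec(flat);
  if (!m) throw new Error("not a recognizable PEM block");
  const body = m[2].replace(/\s+/g, "").match(/.{1,64}/g).join("\n");
  const pem = `-----BEGIN ${m[1]}-----\n${body}\n-----END ${m[1]}-----\n`;
  validatePem(pem);
  return pem;
}

// Constructed sample: 100 filler bytes in PEM framing, not a real certificate.
const SAMPLE_BODY = Buffer.alloc(100, 7).toString("base64").match(/.{1,64}/g).join("\n");
const SAMPLE_PEM = `-----BEGIN CERTIFICATE-----\n${SAMPLE_BODY}\n-----END CERTIFICATE-----\n`;
```

Base64 here only protects the formatting; the encoded value is exactly as sensitive as the original and still needs to be stored as a secret.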

bradrydzewski commented 11 months ago

my preference would be to use a password font to mask the text area. here is some prior art: https://stackoverflow.com/questions/22457344/masking-input-characters-without-type-password#22457652 https://github.com/csesoc/ARGS/blob/master/site/assets/font/fa-password.css

@font-face {
  font-family: 'password';
  font-style: normal;
  font-weight: 400;
  src: url(https://jsbin-user-assets.s3.amazonaws.com/rafaelcastrocouto/password.ttf);
}

textarea {
  font-family: "password" !important;
  width: 250px;
  font-weight: normal;
  font-style: normal;
}

d1wilko commented 10 months ago

@bradrydzewski that approach looks like this

image

not too bad - but it does mean relying on a font we can't necessarily trust - what are your thoughts @tan-nhu

another alternative is to blur the input like this?

image

this approach is just css - no new fonts

bradrydzewski commented 10 months ago

let's use the password font and vendor it in our repository so that we aren't pulling from a third party link. Keep in mind that Drone uses an unmasked textarea. So a password font will be a nice improvement. But if we need to start with an unmasked textarea to unblock this issue as a short term fix, I am also ok with that.

d1wilko commented 10 months ago

cool - I have a PR up now :)

d1wilko commented 10 months ago

This should be fixed now as per this commit - https://github.com/harness/gitness/commit/e61eea74a7fb4993c013b7f6d7e6c7637e666acd

I will close this issue :)