Confidant web interface should indicate if USE_ENCRYPTION=False

lyft / confidant

Confidant: your secret keeper. https://lyft.github.io/confidant

Apache License 2.0

1.85k stars 109 forks source link

Confidant web interface should indicate if USE_ENCRYPTION=False #27

Open woodrow opened 9 years ago

woodrow commented 9 years ago

We should show a warning header/banner if you've intentionally disabled encryption (for e.g. in development or trying out Confidant via Docker).

An example from Stripe's OAuth flow (though Confidant's should be more alarming and explicit about the lack of encryption):

jeff-abe-98 commented 9 years ago

I would like to work on this but I am having trouble getting started, can someone point me in the right direction?

ryan-lane commented 9 years ago

Hey @jewishjeff. The easiest way to handle this would be to expose some settings through a flask endpoint and have the angularjs app load those settings on initial load. Based on a setting you'd be able to ngHide/ngShow a div in the interface for this.