As a user, I need to encrypt and hide fields, or encrypt but not hide fields

[MeltyBot]

Migrated from GitLab: https://gitlab.com/meltano/sdk/-/issues/349

Originally created by @aphethean on 2022-03-16 15:32:32

---

Summary

Add a property to plugin settings configuration called 'hidden' and deprecate kind=hidden

Proposed benefits

Once available, deployments of the taps/targets/other plugins will be able to hide settings from users and store them securely when necessary.

Proposal details

When building a dynamic UI on top of the plugin settings, we've found that kind=hidden is incompatible with kind=password

As a example, kind=password means the setting is stored encrypted. Whereas, kind=hidden only means that the setting should not be displayed.

The following permutations are necessary:

• encrypted + hidden
• plain txt + hidden
• encrypted + not hidden (visible)
• plain txt + not hidden (visible)

hidden Setting Field

The hidden setting field should define the conditions under which the setting is visible for configuration by the user.

• If not present, the setting should be considered not hidden implicitly (i.e. visible for configuration)
• If present with a value of true, the setting should be hidden from the user
• If present with a value of false, the setting should be shown to the user (optional)

Example

oauth_credentials.access_token Setting

Configuration for an oauth_credentials.access_token setting should be both hidden from the user, and stored encrypted.

In this case we need

• kind: password
• hidden: true

oauth_credentials.scope Setting

Configuration for an oauth_credentials.scope setting is not sensitive, but does not need to be shown to the user for configuration.

In this case we need

• kind: string
• hidden: true

tap-googleads Example

extractors:
  - name: tap-googleads
    namespace: tap_googleads
    label: Google Ads
    image_url: /assets/images/datasource/tap-googleads.svg
    description: |-
        App and website ads platform hosted by Google.
    docs: ${docsBaseUrl}/data-sources/tap-googleads/
    repo: https://github.com/Matatika/tap-googleads
    pip_url: git+https://github.com/Matatika/tap-googleads@v0.3.0
    capabilities:
      - catalog
      - discover
      - state
    settings:
      - name: oauth_credentials.authorization_url
        kind: hidden
        label: OAuth identity provider authorization endpoint used create and refresh tokens
        value: https://oauth2.googleapis.com/token
      - name: oauth_credentials.scope
        kind: hidden
        label: OAuth scopes we need to request access to
        value: https://www.googleapis.com/auth/adwords
      - name: oauth_credentials.access_token
        kind: hidden
        label: Access Token
      - name: oauth_credentials.refresh_token
        kind: hidden
        label: OAuth Refresh Token
      - name: oauth_credentials.refresh_proxy_url
        kind: hidden
        label: Will be called with 'oauth_credentials.refresh_token' to refresh the access token
        required: false
      - name: oauth_credentials.refresh_proxy_url_auth
        kind: hidden
        label: Sets Authorization header on 'oauth_credentials.refresh_url' request
        required: false
      - name: oauth_credentials.client_id
        kind: hidden
        label: OAuth Client ID
        required: false
      - name: oauth_credentials.client_secret
        kind: hidden
        label: OAuth Client Secret
        required: false
      - name: start_date
        kind: date_iso8601
        label: Start Date
        required: false
      - name: end_date
        kind: date_iso8601
        label: End Date
        required: false
      - name: developer_token
        kind: hidden
        value: some_value
        label: Developer Token
      - name: customer_id
        label: Customer Id

Best reasons not to build

Deprecation proposed in this feature will eventually mean a migration for users of kind=hidden

[MeltyBot]

View 6 previous comments from the original issue on GitLab

[stale[bot]]

This has been marked as stale because it is unassigned, and has not had recent activity. It will be closed after 21 days if no further activity occurs. If this should never go stale, please add the evergreen label, or request that it be added.