netbox-community / netbox

The premier source of truth powering network automation. Open source under Apache 2. Try NetBox Cloud free: https://netboxlabs.com/free-netbox-cloud/
http://netboxlabs.com/oss/netbox/
Apache License 2.0
16.21k stars 2.59k forks

Remove or hide password in Data Source UI #18007

Open mskalecki opened 22 hours ago

mskalecki commented 22 hours ago

NetBox version

v4.1.6

Feature type

Change to existing functionality

Triage priority

I volunteer to perform this work (if approved)

Proposed functionality

Remove or hide the plain text password that is currently displayed in the Backend section of the Data Source view.

Use case

I'm using fine-grained personal access tokens to connect to private GitHub repositories as Data Sources. While these access tokens have very minimal permissions, I don't think they should be displayed in plain text any time I navigate to the Data Source in the UI.

At a minimum, the password / PAT should be hidden (requiring a click to expose the plain text), but I can't see any good reason to show them at all and would just remove it from the view entirely.

Database changes

None

External dependencies

None

mskalecki commented 17 hours ago

I took a look at the relevant HTML template, and I see that the sensitive_parameters (including password) are hidden from users who don't have permissions to change the fields, but really this should be hidden from everyone, especially in the non-edit view.