praetorian-inc / chariot-ui

Chariot Offensive Security Platform
https://preview.chariot.praetorian.com
MIT License

Redact GCP Service Account JSON #246

Closed Ameston closed 3 weeks ago

Ameston commented 1 month ago

Customer has requested that the GCP service account JSON (in the integrations view) be redacted like the secret information of other integrations.

privateducky commented 1 month ago

agreed; it should be.

privateducky commented 1 month ago

this will be done by default of another ticket (going in next deployment)

storbeck commented 1 month ago

The reason we don't natively support redaction in a textarea is due to its inherent limitations. Textareas and password fields function differently, and a textarea can't mask input like a password field.

While it's possible to implement redaction with additional JavaScript or CSS, it complicates the UI unnecessarily. The primary reason we use a textarea is for better readability and ease of input for JSON service account info.

praetorian-harry commented 3 weeks ago

@Ameston as David mentioned above, now no secret information for integrations is returned from the API: https://github.com/praetorian-inc/chaos/pull/1006/files

When a user enters the service account JSON for the first time to create the integration, it will be exposed in plaintext, but no users will be able to access that secret information via the UI or API after the integration is created.

Is this sufficient to resolve the bug? If not, what should be done in addition to this?

Ameston commented 3 weeks ago

> Is this sufficient to resolve the bug?

I believe so!

praetorian-harry commented 3 weeks ago

@Ameston great 👍

I'll go ahead and close this issue; please feel free to reopen it if your opinion changes!
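
The resolution reached in this thread (the service account JSON is accepted once at creation and never returned by the API afterwards) can be enforced with an allowlist on the response path. The following is an added example, not code from the linked pull request or from Chariot; the record shape, `toApiResponse`, `describeGcpKey` and the choice of display fields are assumptions.

```javascript
// Fields of a GCP service account key file that are safe to show after creation.
// Allowlist rather than denylist: any field not named here is never echoed back.
const GCP_DISPLAY_FIELDS = ['type', 'project_id', 'client_email'];

// Hypothetical stored record shape: { id, kind, name, secret }, where `secret`
// is the raw text the user pasted into the textarea.
function toApiResponse(record) {
  const out = { id: record.id, kind: record.kind, name: record.name };
  out.secretConfigured = typeof record.secret === 'string' && record.secret.length > 0;
  if (record.kind === 'gcp' && out.secretConfigured) {
    out.display = describeGcpKey(record.secret);
  }
  return out;
}

function describeGcpKey(rawJson) {
  let parsed;
  try {
    parsed = JSON.parse(rawJson);
  } catch {
    return {}; // malformed input: echo nothing rather than the raw text
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) return {};
  const display = {};
  for (const field of GCP_DISPLAY_FIELDS) {
    if (typeof parsed[field] === 'string') display[field] = parsed[field];
  }
  return display;
}

// Constructed sample record; the key material is a placeholder, not a real key.
const sampleRecord = {
  id: 'int-001',
  kind: 'gcp',
  name: 'example-project',
  secret: JSON.stringify({
    type: 'service_account',
    project_id: 'example-project',
    private_key_id: 'PLACEHOLDER_KEY_ID',
    private_key: 'PLACEHOLDER_PRIVATE_KEY',
    client_email: 'scanner@example-project.iam.gserviceaccount.com',
  }),
};

console.log(JSON.stringify(toApiResponse(sampleRecord), null, 2));
```

Because the response is built from named fields only, a new secret-bearing key added to the stored record later stays out of API responses unless someone explicitly allowlists it.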