Closed chekunkov closed 5 years ago
Target
here is a named tuple: we should rather wrap it with a custom class (class Target(namedtuple('Target', [..]))
and redefine its __repr__
logic to exclude/mask API key field, or write a custom class for API key string specifically - what you prefer. When it works as expected (excludes/masks the field value in Target representation), the tests should be updated appropriately to reflect it.
Thanks @vshlapakov! I noticed too and implemented it on a small class for the apikey restricted to the get_target_conf
area.Sure, I will update the tests. One question, should we display a constant string as a mask or should it match the length of the original key?
should we display a constant string as a mask or should it match the length of the original key?
Our API keys have a fixed length, so there's no problem with showing *
/x
instead of each char from security pov, and using a constant string would work too, I don't have a strong preference here.
I accidentally posted my apikey to GH with debug output, like this
apikey is easy to change, but I realized that I'm doing something wrong only at the last moment, I easily could have missed that. maybe for better security we can customize representation of the Target or apikey?
str()
will return apikey string,repr()
will returnxxxxxxxxxxxxxxxxxxxxxxxxx
.