Don't show diffs by default

voxpupuli / puppet-sssd

yet another puppet sssd module

Apache License 2.0

2 stars 3 forks source link

Don't show diffs by default #21

Open TheMeier opened 1 month ago

TheMeier commented 1 month ago

file resources in this module should set show-diff to false by default, since there is a high likelihood that files rendered by this module contain secrets

ekohl commented 1 month ago

Would it make sense to use Sensitive where possible? That way it automatically gets redacted if needed.

TheMeier commented 1 month ago

Given the very generic template, I don't immediately see how one would do that.

ekohl commented 1 month ago

EPP has special handling for Sensitive so if a users pass in any Sensitive instead of plain String I'd expect it to already do that.