Open nedhanks opened 1 year ago
@nedhanks Thanks for sharing this feedback (where the rubber meets the road). Will mention this to the team.
Thanks for submitting @nedhanks. We do have secret redation for certain keys listed in our docs: https://docs.warp.dev/features/secret-redaction#secret-regex-list
To anyone else interested in this feature, please add a :+1: to the original post at the top to signal that you want this feature, and subscribe if you'd like to be notified.
As a possible stopgap for your feature, you can try and add the regex pattern for your preferred keys in Warp > Settings > Privacy.
I know, but this only works if the 'value' matches. There are many times where there value will not match. Another example is database connections where username and password are in the value. Or URLs with username:password in the value.
I have set a custom regex for aws_secret_access_key, but this redacts the whole line, not just the value.
An option is to use regex parens/fields. ex: AWS_SECRET_ACCESS_KEY=(.*). Then redact whatever is in the parens.
@nedhanks Really appreciate you filing this issue. I'd love to better understand why regexes don't work for your use case and why it's redacting the whole line.
Is the secret a single word? If so, could you use a regex like AWS_SECRET_ACCESS_KEY=\w+
to solve this?
Example extra regex:
AWSPROFILE=([A-Za-z0-9-]+)
$ env | grep AWS
*****************************
AWS_REGION=us-west-2
So warp redacts the whole line/regex, not just the matched part.
Another way of formulating this issue:
TOKEN=patcc3456ou3456oiu3456
?patcc[a-zA-Z0-9.]+
) then how do I remember what my custom regex was for?Possible solutions:
If the regex contains parentheses (i.e. TOKEN=(patcc[a-zA-Z0-9.]+)
) then only hide the regions matched by those (i.e. TOKEN=*************
). Optionally allow the hidden text to be replaced by some user-defined text (i.e. TOKEN=🔑
).
Allow the users to name the custom regexes.
In one of my scenarios I am trying similar one like QUAYIO_PASSWORD=(.*)
and when I did echo $QUAYIO_PASSWORD
I see the secret is still not masked.
In #5393 I've suggested a more generalized and flexible approach that would cover these use cases.
Discord username (optional)
ned_hanks
Describe the solution you'd like?
Is your feature request related to a problem? Please describe.
Additional context
No response
How important is this feature to you?
3
Warp Internal (ignore) - linear-label:770f6576-d6c0-4e4f-a259-fc64b5156087
None