GitHub user ahgittin opened a pull request:

    https://github.com/apache/incubator-brooklyn/pull/484

    obfuscate passwords and credentials in the gui (literal "shadow passwords")

    applies text shadowing to blur keys that say obvious things like "password" and "credential",
    to config table and sensors table. clears up when you click it.
    this prevents people looking over your shoulder from seeing things they shouldn't,
    but it doesn't block REST access, and if you click on it you can still see it.
    (this is a common trick done at AWS & SL, btw.)
    
    a separate feature is to enforce visibility of sensors; this can be done with entitlements on a per-sensor basis
    but it might be nice to have an easy entitlements mode where "sensitive" info is not available,
    and options on config keys (similar to how i just did it with ConfigInheritance,
    in https://github.com/apache/incubator-brooklyn/pull/483) to allow ConfigSensitivity.
    
    an easy way to test is:
    
        curl -v -X POST -H "Content-Type: application/json" --data \"foo\" http://127.0.0.1:8082/v1/applications/YKH2Dp3E/entities/NN0BJzNA/sensors/my_secret
    
    here's what it looks like:
    
    ![screen shot 2015-01-28 at 16 05 23](https://cloud.githubusercontent.com/assets/496540/5941241/89d8c3fe-a707-11e4-8b4d-7e0ef1c2b28f.png)


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ahgittin/incubator-brooklyn jsgui-hide-passwords

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-brooklyn/pull/484.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #484
    
----
commit 851f91ac3df97fe82ab5ece2aca7ce70456b8ccc
Author: Alex Heneveld <[email protected]>
Date:   2015-01-28T15:54:26Z

    obfuscate passwords and credentials in the gui (literal "shadow passwords!")
    
    applies text shadowing to blur keys that say obvious things like "password" and "credential",
    to config table and sensors table. clears up when you click it.
    this prevents people looking over your shoulder from seeing things they shouldn't,
    but it doesn't block REST access, and if you click on it you can still see it.
    (this is a common trick done at AWS & SL, btw.)
    
    a separate feature is to enforce visibility of sensors; this can be done with entitlements on a per-sensor basis
    but it might be nice to have an easy entitlements mode where "sensitive" info is not available,
    and options on config keys (similar to how i just did it with ConfigInheritance,
    in https://github.com/apache/incubator-brooklyn/pull/483) to allow ConfigSensitivity.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
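
A sketch of the name-based masking the pull request describes, as an added example that is not code from the pull request or from Brooklyn. The function names, the `secret-info` class, the CSS in the comments and the sample rows are assumptions, and the word list holds only the two words the description names.

```javascript
// Added illustration. SENSITIVE_WORDS, isSensitiveKey, renderValueCell,
// unmaskedKeys and the "secret-info" class are hypothetical names.
const SENSITIVE_WORDS = ["password", "credential"]; // the two words the description names

// Case-insensitive substring match on the key name, so "datastore.Password" matches.
function isSensitiveKey(name) {
  const lower = String(name).toLowerCase();
  return SENSITIVE_WORDS.some((word) => lower.includes(word));
}

// Escape a value before placing it in table markup.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Build one table cell. Sensitive cells only get a class that a stylesheet blurs, e.g.
//   .secret-info          { color: transparent; text-shadow: 0 0 5px rgba(0,0,0,0.6); }
//   .secret-info.revealed { color: inherit; text-shadow: none; }
// with a click handler toggling "revealed". The plaintext is still in the markup
// (and still returned over REST), so this only guards against shoulder surfing.
function renderValueCell(name, value) {
  const cls = isSensitiveKey(name) ? ' class="secret-info"' : "";
  return `<td${cls}>${escapeHtml(value)}</td>`;
}

// Review aid: list the keys the name heuristic would leave unblurred, so that
// sensitive keys with unlisted names can be spotted.
function unmaskedKeys(names) {
  return names.filter((name) => !isSensitiveKey(name));
}

// Constructed sample rows, not taken from a real deployment.
const sampleRows = [
  ["datastore.Password", "hunter2"],
  ["aws.credential.id", "EXAMPLE-ID"],
  ["api.token", "tok-123"],
  ["host.name", "10.0.0.1"],
];

for (const [name, value] of sampleRows) {
  console.log(name.padEnd(20), renderValueCell(name, value));
}
console.log("not blurred:", unmaskedKeys(sampleRows.map(([name]) => name)));
```

The `api.token` row shows the limit of matching on names: a key that does not contain a listed word is rendered without the blur class.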