core icon indicating copy to clipboard operation
core copied to clipboard
verified publisher icon project-flogo

Remove JSON pre-processing for "SECRET:*" values

Open debovema opened this issue 7 years ago • 4 comments

This pre-processing is conflicting with secret.PropertyProcessor at https://github.com/project-flogo/core/blob/98a1d797692be81e068e9fecb1f80856e0ebab4e/engine/secret/config.go#L33

debovema avatar Jan 15 '19 15:01 debovema

@mellistibco General question... should we support secrets only in properties? Or anywhere in the flogo.json. If its just used in properties, it makes the secret management easier and also easier to refer to in other places (you only have to set it once). The only question is it too burdensome if someone just has one secret? Would it be too much to ask to force them to use a property?

fm-tibco avatar Jan 15 '19 17:01 fm-tibco

I tend to think that we should support SECRET: anywhere, especially considering the ui doesn't currently support adding and editing properties...

mellistibco avatar Jan 15 '19 17:01 mellistibco

Does it assist in generating a "secret"?

fm-tibco avatar Jan 15 '19 18:01 fm-tibco

I think the secrets can be used anywhere (using the expression syntax =$property[some.secret] but should be declared only in properties for consistency reason.

Even if the UI assists in generating a secret, it can do it in the properties section. Currently the "SECRET:..." patterns can be directly put in the activities configuration which is not a good practice IMHO.

Other use case is the ability to use a plain-text property and change it later in the development to a secret one.

Eventually, this PR is just about removing the duplicate processing of "SECRET:..." pattern, not about changing the secret resolving method (yet).

debovema avatar Jan 30 '19 15:01 debovema