Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set Env-vars to be hidden after creation #4835

Open
robmarcer opened this issue Nov 27, 2024 · 6 comments · May be fixed by #5043
Open

Set Env-vars to be hidden after creation #4835

robmarcer opened this issue Nov 27, 2024 · 6 comments · May be fixed by #5043
Assignees
@cstns
Labels
area:db Database released work area:frontend For any issues that require work in the frontend/UI customer request requested by customer feature-request New feature or request that needs to be turned into Epic/Story details headline Something to highlight in the release priority:high High Priority size:M - 3 Sizing estimation point
Milestone
2.14

Comments

@robmarcer
Copy link
Contributor

Description

Can an env-var be set to be 'secret' so that once the string is submitted it can't be extracted from the FF UI?

This was requested by the following customer - https://app-eu1.hubspot.com/contacts/26586079/record/0-1/24993051

Which customers would this be available to

Enterprise Tier Only (EE)

Have you provided an initial effort estimate for this issue?

I have provided an initial effort estimate
@robmarcer robmarcer added feature-request New feature or request that needs to be turned into Epic/Story details needs-triage Needs looking at to decide what to do size:S - 2 Sizing estimation point labels Nov 27, 2024
@robmarcer robmarcer added the customer request requested by customer label Nov 27, 2024
@joepavitt joepavitt added this to the 2.12 milestone Nov 27, 2024
@joepavitt joepavitt moved this to Todo in 🛠 Development Nov 27, 2024
@joepavitt joepavitt removed the needs-triage Needs looking at to decide what to do label Nov 27, 2024
@knolleary knolleary mentioned this issue Dec 3, 2024
Closed
@joepavitt
Copy link
Contributor

First iteration:

  • UI option to hide the value
  • Server-side work to store this configuration for each env var

Second Iteration:

  • Encryption of these variable values in storage

@joepavitt joepavitt added area:frontend For any issues that require work in the frontend/UI area:db Database released work labels Dec 16, 2024
@knolleary knolleary added the priority:high High Priority label Jan 16, 2025
@joepavitt joepavitt added the headline Something to highlight in the release label Jan 17, 2025
@joepavitt joepavitt moved this from Todo to Up Next in 🛠 Development Jan 17, 2025
@joepavitt joepavitt modified the milestones: 2.12, 2.14 Jan 17, 2025
@Steve-Mcl
Copy link
Contributor

Steve-Mcl commented Jan 17, 2025
edited
Loading

Care point - exporting of snapshots can include the env var values. Consider an option to include/exclude secrets?

@cstns
Copy link
Contributor

cstns commented Jan 17, 2025

I think that would complement this feature nicely

@cstns cstns moved this from Up Next to In Progress in 🛠 Development Jan 17, 2025
@cstns
Copy link
Contributor

cstns commented Jan 17, 2025

Had a discussion with @Steve-Mcl. The first iteration is pretty straightforward, but hidden environment variables will still be accessible to the Node-RED instance and snapshots.

If we’re focusing solely on hosted instances, encryption would be the appropriate approach for handling hidden environment variables. However, this wouldn’t work for remote instances since encrypted variables would need to be decrypted and re-encrypted each time credentials are regenerated via the device agent configuration. Additionally, the device agent would require some adjustments to accommodate this.

Steve suggested aligning the approach with how Node-RED handles credentials, and I tend to agree.

@Steve-Mcl
Copy link
Contributor

Steve suggested aligning the approach with how Node-RED handles credentials, and I tend to agree.

To be clear, I stated Node-RED has a mechanism for credentials - if desired (possible?), we might wish to utilise those since they remain encrypted on file.

The other points discussed were that snapshots (currently) store the env vars as Key/Value pairs & it is not currently possible to identify them as being "protected" thus not able to prevent them being downloaded from the snapshot download UI to reveal the env vars set as secret. Changing these would require the whole mechanism of snapshots (API, launcher, device agent) to have awareness of the enhanced format.

@joepavitt joepavitt added size:M - 3 Sizing estimation point and removed size:S - 2 Sizing estimation point labels Jan 17, 2025
@cstns
Copy link
Contributor

cstns commented Jan 17, 2025

Thank you for clearing that out!

@cstns cstns linked a pull request Jan 21, 2025 that will close this issue
Open
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cstns cstns

Labels
area:db Database released work area:frontend For any issues that require work in the frontend/UI customer request requested by customer feature-request New feature or request that needs to be turned into Epic/Story details headline Something to highlight in the release priority:high High Priority size:M - 3 Sizing estimation point
Projects
🛠 Development
Status: In Progress
Milestone
2.14
Development

Successfully merging a pull request may close this issue.

Allow env var values to be hidden in UI FlowFuse/flowfuse
5 participants
@knolleary @cstns @Steve-Mcl @robmarcer @joepavitt