-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DXCDT-316: More self-documenting reveal secret flag #591
Conversation
docs/auth0_apps_create.md
Outdated
@@ -21,29 +21,29 @@ auth0 apps create [flags] | |||
auth0 apps create --name myapp | |||
auth0 apps create --name myapp --description <description> | |||
auth0 apps create --name myapp --description <description> --type [native|spa|regular|m2m] | |||
auth0 apps create --name myapp --description <description> --type [native|spa|regular|m2m] --reveal | |||
auth0 apps create --name myapp --description <description> --type [native|spa|regular|m2m] --reveal-client-secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that when passing the --json
flag, the reveal flag will not only show the client secret, but the signing keys as well: https://github.com/auth0/auth0-cli/blob/v1/internal/display/apps.go#L244
Would it make sense to rename it to something a little more generic, like --reveal-secrets
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Definitely makes sense 👍🏻 , updated in 9a0f016
(#591)
44d27bf
to
9a0f016
Compare
🔧 Changes
As noted by #488, the
--reveal
flag in theauth0 clients create
andauth0 clients update
commands is not very descriptive about what it is revealing. This PR is to make the flag more verbose to be clear about what behavior is being triggered. This is also important from a security perspective to reduce any accidental occurrences of revealing the secret unintentionally.While this appears to be a very trivial change, it is important to get as many potential breaking changes in before the upcoming v1.0.0 release.
📚 References
Original issue: #488
🔬 Testing
No functional changes. Appropriate changes made to existing tests.
📝 Checklist