Create a wrapper type for sensitive string data. #14260

Closed
tobz opened this issue Sep 2, 2022 · 1 comment
Labels
domain: config Anything related to configuring Vector domain: enterprise Anything related to Vector's enterprise features (Observability Pipelines) domain: security Anything related to security have: must We must have this feature, it is critical to the project's success. It is high priority.

Contributor

tobz commented Sep 2, 2022

Context

As part of the ongoing configuration schema work, we've identified a common pattern of having configuration fields that carry sensitive data -- passwords, API tokens, and so on -- but have no easy way to identify themselves as being sensitive information.

This can be a problem for a few reasons:

  • the configuration schema won't expose this, which makes using it to generate context-aware warning labels, or hiding of values in UIs/forms based on the schema, a manual process, which is prone to error
  • we may unintentionally emit these strings into logging since they are generally using String which will show up in both Display and Debug-based usages

Solution

We should introduce a newtype wrapper, tentatively called SensitiveString, which wraps a String internally and has the following characteristics:

  • (de)serializes as a String (drop-in compatible with String for serde purposes)
  • sets configurable-based metadata to indicate that it is a "sensitive" string
  • Display and Debug implementations that emit **REDACTED**, or some sentinel value like that
  • no implicit Deref implementations, to avoid unwittingly exposing the value
  • dedicated accessors to pair with the above, such that users have to consciously make an effort to get the value out, forcing them to deal with the value in a way that makes it more obvious why the type is being used

@tobz tobz added domain: config Anything related to configuring Vector domain: security Anything related to security have: must We must have this feature, it is critical to the project's success. It is high priority. domain: enterprise Anything related to Vector's enterprise features (Observability Pipelines) labels Sep 2, 2022
@jdrouet jdrouet self-assigned this Sep 6, 2022
@jszwedko
Member

Closed as this was implemented by the introduction of SensitiveString.
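
The wrapper characteristics listed in the issue, as an added std-only sketch (not Vector's implementation, and not code from this thread): it shows redacted Display and Debug, no Deref, and an explicit accessor, and leaves out the serde and schema-metadata parts because they need external crates. The names `new`, `inner` and `SinkConfig` and the token value are assumptions made for the example.

```rust
use std::fmt;

const REDACTED: &str = "**REDACTED**"; // sentinel taken from the issue text

/// Newtype around String. There is deliberately no Deref impl, so a
/// `&SensitiveString` never coerces to `&str` by accident.
#[derive(Clone)]
pub struct SensitiveString(String);

impl SensitiveString {
    pub fn new(value: String) -> Self {
        Self(value)
    }
    /// Hypothetical accessor name: the only way to read the secret.
    pub fn inner(&self) -> &str {
        &self.0
    }
}

impl fmt::Display for SensitiveString {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str(REDACTED)
    }
}

impl fmt::Debug for SensitiveString {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str(REDACTED)
    }
}

// Constructed config struct: derived Debug calls the field's Debug impl,
// so logging the whole config cannot print the token.
#[derive(Debug)]
pub struct SinkConfig {
    pub endpoint: String,
    pub api_token: SensitiveString,
}

pub fn sample_config() -> SinkConfig {
    SinkConfig {
        endpoint: "https://example.invalid/ingest".to_string(),
        api_token: SensitiveString::new("constructed-token-123".to_string()),
    }
}

fn main() {
    let cfg = sample_config();
    println!("{:?}", cfg); // token field shows the sentinel
    let _header = format!("Bearer {}", cfg.api_token.inner()); // deliberate use
}
```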
