Hide secrets? #71
Comments
|
This is a good question, I don't know the answer though. Sort of related: is there a good way for an end user to check if sixtyfour is aware of the credentials they're using? |
That's not easy right now. |
|
There is pkgload::load_all()
sts_con <- con_factory("sts")()
sts_con$get_caller_identity()$UserId
[1] "xxxx"
$Account
[1] "xxxx"
$Arn
[1] "arn:aws:iam::xxx:user/xxx"Which answers the question:
But does not answer your question of
There's hacky ways to get credentials that pkgload::load_all()
sts_con <- con_factory("sts")()
sts_con$.internal$config$credentials$provider[[2]]()$access_key_id
[1] "xxxx"
$secret_access_key
[1] "xxxx"
$session_token
[1] ""
$access_token
[1] ""
$expiration
[1] Inf
$provider_name
[1] ""
attr(,"class")
[1] "struct"But maybe we can roll that up into a nicer fxn? I don't know if calling that internal method would cover all credential methods though Where STS is the Security Token Service, and the caller identity method is at https://www.paws-r-sdk.com/docs/sts_get_caller_identity/ |
In making a demo for this pkg, we talked about whether or not to hide secrets in the live demo and video to be made.
It's not terribly difficult to do so, but the big issue is that IF the use case for the function is creating secrets, then you can only see them once, so redacting them when created is a no go.
However, we could redact secrets for functions that may show secrets that already exist. I don't know off hand right now if there are any, but we could make a list of them if we want to do this.
cc @seankross
The text was updated successfully, but these errors were encountered: