feat: Using global private environment to save secrets[INS-4715] #8233

Draft
wants to merge 23 commits into
base: develop
@cwangsmv cwangsmv commented Dec 5, 2024

Changes
Leverage the global private environment to add built-in support for secret management capabilities.
Add a new secret type environment key-value pair to store secret variables with the following features:

  • Secret environment variables will add a vault prefix automatically to distinguish them from normal environment variables. If you define a secret environment called foo, you need to input {{ vault.foo }} to use it as an environment variable
  • Secret environment values are encrypted in the database
  • Secret environment values are masked except in the environment editor, in the variable editor modal, or when used in a request
  • When the private environment is exported, a default placeholder string will replace its real value
  • When the user has reset the encryption key (aka: vault key) on other devices, all local secret environment variables will be removed

We also introduce a new term Vault Key.
The vault key is used to encrypt/decrypt secret environment variables. It is not synced to the cloud, so users need to save the key themselves.
Users can reset the vault key, but this will remove local secret environments on all devices.
Add a new UI in the Preferences page for management.
By default, we will save the vault key in the OS-native secret manager (like Keychain on macOS).

Tasks

  • Add new UI for secret environment variables
  • Secret environment variables processing logic
    • Mask value unless in editor and request
    • Encryption/Decryption logic
  • Vault key UI
    • New vault key management UI in Preferences modal
    • API integration and SSE event handling
    • Vault key/hash CRUD operations
  • Pre-request & After-response support
  • CLI Support

This PR relies on #8190 to merge first.

@cwangsmv cwangsmv marked this pull request as draft December 5, 2024 07:08
@cwangsmv cwangsmv force-pushed the feat/vault-environment branch from a546711 to f8cb14d Compare December 9, 2024 08:45
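
A minimal model of the behaviour listed in the PR description (encrypted at rest, `{{ vault.foo }}` lookup, masking, export placeholder, removal after a key reset), added here as an example and not taken from the PR or from Insomnia's code. AES-256-GCM, the record shape, the placeholder and mask strings, and all function names are assumptions.

```javascript
// Added illustration, not Insomnia's code. AES-256-GCM, the record shape,
// PLACEHOLDER, MASK and every function name here are assumptions.
const crypto = require('node:crypto');

const PLACEHOLDER = '<secret-not-exported>'; // hypothetical export placeholder
const MASK = '******';

// Vault key: random 32 bytes held outside the database (e.g. OS keychain).
const newVaultKey = () => crypto.randomBytes(32);

function encryptSecret(vaultKey, name, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every stored value
  const c = crypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  c.setAAD(Buffer.from(name)); // bind the ciphertext to its variable name
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const b64 = (b) => b.toString('base64');
  return { type: 'secret', iv: b64(iv), tag: b64(c.getAuthTag()), ct: b64(ct) };
}

function decryptSecret(vaultKey, name, rec) {
  const raw = (s) => Buffer.from(s, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', vaultKey, raw(rec.iv));
  d.setAAD(Buffer.from(name));
  d.setAuthTag(raw(rec.tag));
  return Buffer.concat([d.update(raw(rec.ct)), d.final()]).toString('utf8');
}

// Plaintext exists only while a request is rendered: {{ vault.foo }} -> value.
function renderForRequest(template, env, vaultKey) {
  return template.replace(/\{\{\s*vault\.(\w+)\s*\}\}/g, (tag, name) =>
    env[name]?.type === 'secret' ? decryptSecret(vaultKey, name, env[name]) : tag);
}

// List views show a mask; exports carry a placeholder, never the ciphertext.
const displayValue = (rec) => (rec.type === 'secret' ? MASK : rec.value);
const exportEnvironment = (env) => Object.fromEntries(
  Object.entries(env).map(([k, r]) => [k, r.type === 'secret' ? PLACEHOLDER : r.value]));

// After a key reset, old records fail GCM authentication and are dropped.
function dropUnreadableSecrets(env, vaultKey) {
  return Object.fromEntries(Object.entries(env).filter(([name, rec]) => {
    if (rec.type !== 'secret') return true;
    try { decryptSecret(vaultKey, name, rec); return true; } catch { return false; }
  }));
}
```

Because the vault key never leaves the device, records encrypted under a previous key cannot be recovered after a reset, which is why this model can only discard them.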