Security on the mind
Introducing the --slack-replace-tokens
option! Now when you run Steno in record mode with this option enabled, your Slack API tokens will not be saved to scenarios on disk. Instead, Steno will generate a fake token in its place. Each time that happens, the console will show you the real token with the corresponding fake token.
How would I use this? The same workflow applies, you just don't need to hand-edit Slack tokens out of your interactions before committing them to your version control. So now you can just start Steno, use the app normally to record a scenario. Then, when you build the test case, you just use the generated fake tokens instead of fetching them from a real database or API. When you start the scenario in replay mode, Steno will be able to match your interactions with the generated tokens.
One more security feature: Steno used to generate filenames for interactions using the path of a request. We realized that some applications use querystring parameters for sensitive data, so the filenames would contain tokens. That's not ideal, so we changed that behavior. The best part is we were able to make that change without breaking old interaction files.
This release also includes a more helpful guide for using Steno with ngrok in the documentation.