Story #48
closed
Plugins: Ability to flag sensitive data
0%
Description
I'll use an artificial example to explain the issue, but realize there are already legitimate use cases for this.

Let's say an importer needs a username/password to access an external source. As of right now, there are two issues:

* The importer configuration values are stored in plain text in the database.
* The importer configuration is displayed, in its entirety, when using the built-in "pulp-admin repo list --details" command.

I think the solution is to add a new attribute to the plugin metadata section that lets the plugin tell Pulp the names of configuration values that contain sensitive data. That can cause Pulp to do the following:

* Encrypt in some fashion that portion of the configuration when persisting to the database.
* Decrypt those fields when retrieving the configuration only when it is going to be used by the plugin.
* By comparison, when returning data about a repo's plugins, the field is returned encrypted.
* Optionally, the built-in extensions can detect which fields are encrypted and display a message to the user informing them that the value is present but hidden.

I haven't thought through this solution 100% yet, but it's a start.
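
A sketch of the flow proposed above, added here as an illustration and not taken from Pulp's code: flagged fields are sealed before storage, unsealed only when handed to the plugin, and shown as hidden in listings. The `sensitive_fields` metadata key, the `enc:v1:` prefix and all function names are hypothetical, and the standard-library HMAC construction stands in for a vetted AEAD (Fernet, AES-GCM) so the block runs offline; key storage outside the database is assumed.

```python
import base64, hashlib, hmac, os

PREFIX = "enc:v1:"  # hypothetical marker that identifies a sealed value

def _sub(key, label):
    # Derive separate encryption and MAC subkeys from the master key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode used as a keystream (stand-in cipher).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, text):
    data, nonce = text.encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return PREFIX + base64.b64encode(nonce + ct + tag).decode()

def unseal(key, token):
    raw = base64.b64decode(token[len(PREFIX):])
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):  # reject tampering or a wrong key
        raise ValueError("sealed value failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct)))).decode()

def to_storage(key, config, sensitive):
    """Encrypt the flagged fields before the config is persisted."""
    return {k: seal(key, v) if k in sensitive and isinstance(v, str) else v
            for k, v in config.items()}

def for_plugin(key, stored, sensitive):
    """Decrypt flagged fields only when the config is handed to the plugin."""
    return {k: unseal(key, v) if k in sensitive and isinstance(v, str) else v
            for k, v in stored.items()}

def for_display(stored):
    """Listing view: report that a sealed value is present, never its content."""
    return {k: "<hidden>" if isinstance(v, str) and v.startswith(PREFIX) else v
            for k, v in stored.items()}

# Constructed sample: plugin metadata naming its sensitive config keys.
METADATA = {"id": "example_importer", "sensitive_fields": ["password"]}
CONFIG = {"feed_url": "https://example.com/repo", "username": "sync", "password": "s3cret"}
```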