evcc icon indicating copy to clipboard operation
evcc copied to clipboard

Published 20 hours ago verified publisher icon evcc-io

Secrets removal fix

Open tarelda opened this issue 2 years ago • 7 comments

Fix #4978

As discussed fix in #4978 for secrets obfuscation function. I also added idtag since it contains RFID carried token for access to charger.

tarelda avatar Oct 29 '22 23:10 tarelda

I don't think we should fix this this way. Rather, we should first standardise the ways of specifying tokens in evcc. access and refresh already are filtered. The problem is more that there is also accesstoken and refreshtoken.

One strength of the evcc codebase is having always the same, repeating patterns. Solve problems once and for good. We need to check the different token types here and deprecate the old settings.

andig avatar Oct 30 '22 09:10 andig

I don't think we should fix this this way. Rather, we should first standardise the ways of specifying tokens in evcc. access and refresh already are filtered. The problem is more that there is also accesstoken and refreshtoken.

One strength of the evcc codebase is having always the same, repeating patterns. Solve problems once and for good. We need to check the different token types here and deprecate the old settings.

This matches them too. So intended behaviour was to match only listed configuration keys not their variations?

Maybe we can wrap tokens in tokens/secrets node in configuration file. I think something like this can do the trick:

- name: something cool
  option: for something very cool
  tokens:
    access: ****
    refresh: ****
    bazinga: ****

Since you can't make solution for everything also filter-out few keywords that just makes sense to be private. Like VIN or SerialNumber.

I really don't know much about EVCC config schema system, but maybe there is a way to mark keys that are supposed to be considered private?

tarelda avatar Oct 30 '22 09:10 tarelda

@premultiply

One strength of the evcc codebase is having always the same, repeating patterns. Solve problems once and for good. We need to check the different token types here and deprecate the old settings.

That is access vs. accesstoken etc...

andig avatar Nov 01 '22 11:11 andig

Also zu?

premultiply avatar Nov 01 '22 11:11 premultiply

Ne, lieber den Root Cause beheben, hab mich aber noch nicht auf die Suche gemacht.

andig avatar Nov 01 '22 11:11 andig

Maybe drop displaying config in webui after all? Or this is aimed at preparing bug reports?

tarelda avatar Nov 02 '22 09:11 tarelda

Or this is aimed at preparing bug reports?

Yes, that's the idea.

andig avatar Nov 02 '22 10:11 andig

Closed in https://github.com/evcc-io/evcc/commit/84102661164d60fc726d1d5953aba4d841547ff1, thanks for the PR!

andig avatar Jan 22 '23 12:01 andig