massa icon indicating copy to clipboard operation
massa copied to clipboard

Published 20 hours ago verified publisher icon massalabs

Hide both secret(private) + public keys by defaut in `wallet_info`

Open aoudiamoncef opened this issue 2 years ago • 3 comments

Actual:

command > wallet_info
WARNING: do not share your key
Secret key: S12S57nLY3Mp2Q6ciWZMvAucMyUgdsPPG1m46Ly9ibDh2tqCP3gF
Public key: P1L2bCTc5pYa1HXL5LtGF67kk1z4ehbNZb2xrVbCYaLSKXvmZgZ
Address: A1XCXQ8t5xFqheAmY81Pw2pPT3cti9NZ2JeefzeeWiLyCXJAQ2t (thread 8):
        Balance: final=0, candidate=0
        Rolls: active=0, final=0, candidate=0


=====

Expected:

command > wallet_info
WARNING: you could display secret(private) + public by adding `--show-all-keys`(For example or remove this line)
Address: A1XCXQ8t5xFqheAmY81Pw2pPT3cti9NZ2JeefzeeWiLyCXJAQ2t (thread 8):
        Balance: final=0, candidate=0
        Rolls: active=0, final=0, candidate=0

aoudiamoncef avatar Nov 25 '22 10:11 aoudiamoncef

Part of #3166

AurelienFT avatar Nov 25 '22 10:11 AurelienFT

One approach that might be interesting: oauth2 crates approach. See the secret function.

From my surface-level understanding, a type can be turned into a secret-type through the use of a macro. This causes the Display implementation for that type to output [redacted] instead of the value, but also generates a secret method to leak the actual value. If this sounds interesting, I can dig around in the code, look around for stand-alone libraries etc. and brief the team when ready.

Ben-PH avatar Dec 04 '22 01:12 Ben-PH

related to #3369, which addresses this issue in a more general context

Ben-PH avatar Jan 04 '23 11:01 Ben-PH

Closed as part of #3166

Leo-Besancon avatar Jan 24 '23 17:01 Leo-Besancon