feat: toggle visibility of secret envVars

[dw-0]

Description

Today at work i noticed, that environment variables which are configured as "secret" will be shown in plain text in the variable overview: username and password are configured as secret variables. This could lead to leaked credentials or any other secrets (there is a point why you mark them as secret right?) during MS Teams meetings while sharing you screen to other people and either want to show them something specific in that variables overview or you simply leak it by accident during other situations.

For that reason i implemented this feature. Now, by default, all secret variables are disguised by default and it requires the user to explicitly make those values visible by clicking on a new button:

In case we even want to disguise the actual length of a variables value, we could refrain from using the maskValue function defined in line 14 and used in line 29 and simply replace the whole envVar.value by a fixed length ***********-string for example.

Where i'm not 100% sure at the moment is the placement and visuals of the actual toggle button. I'm open to suggestions on how to improve the placement and overall visualization in the UI.

Contribution Checklist:

• [x] The pull request does not introduce any breaking changes
• [x] I have read the contribution guidelines.
• [x] Create an issue and link to the pull request.

---

closes #330 closes #1646

[pove]

Love it. Can this be also applied to the environment variable editor as well? I mean once you click on the "secret" checkbox while adding/editing variables.

There is an issue for that: #330

[dw-0]

@pove Ah okay, i didn't see that issue. But that probably makes sense, yes. So as soon as you tick the secret checkbox, mask the actual values with "*****" right?

[dw-0]

I pushed an update so secrets now get hidden in the env-var settings once selected as secret.

I see some checks are failing, will sort that out asap.

[dw-0]

I just merged main into this PR and resolved the conflict, so it's hopefully ready for the v1 merge :)

[dw-0]

@helloanoop Hey :) Do you think this PR could make it into one of the next releases? In case you want something changed, please let me know!

[dw-0]

@helloanoop Any chance getting this merged anytime soon?

[jzorn]

Great feature, I'd love to see it too!

[MPratley]

While in the area (At the risk of burdening this PR even more): Secrets are also currently exposed if you hover over a variable definition

Would probably be good to ***** blank them there too!

[dw-0]

Good point. Unfortunately, except for one reaction to the main post, this feature doesn't seem to be getting any attention from a maintainer. Perhaps there is no real interest. This PR was assigned to a milestone (v1), but the concept of milestones does not seem to be consistently implemented, otherwise this feature would have found its way into the codebase long ago.

For this reason, I am currently less interested in continuing to work on the feature without knowing whether it will be merged in the near future. The PR has existed for almost 5 months now.

[sanjai0py]

Hey @dw-0, thanks for the PR - the feature looks great! Can you please resolve the conflicts?

[dw-0]

I resolved the conflicts, i don't know why all tests are failing but it seems this PR is not the only one affected.

I did not manage to understand what needs to be changed to realize the proposal of @MPratley

[helloanoop]

Merged!

Thank you for working on this @dw-0 ! My apologies for the delay in the merge.

This will be shipped in the next outgoing release on 23 Mar 2024