If i ever get my config panel running, i would like to add some needed credentials.
How to “prodect” these kind of “secret” strings ? Is there something about this?
If i ever get my config panel running, i would like to add some needed credentials.
How to “prodect” these kind of “secret” strings ? Is there something about this?
ASAIK you can store them as app settings with the appropriate helper. Settings are stored in /etc/yunohost/apps/$app/settings.yml
, but /etc/yunohost
can only access by the admin
or root user.
Hm. Okay… There is no kind of “obfuscation” for this?
I don’t think it is implemented in the core. But nothing is preventing you from implementing it yourself.
[main.group.question]
ask = "Password"
type = "password"
Or if you want to be able to read the important info th a textfield:
[main.group.question]
ask = "Wifi passphrase"
type = "string"
redact = true
The redact property removes all occurencies in shared logs.
The password type use redact = true by default. In more, this password type don’t allow to display the secret in the api and in the cli.
Hm. Okay “password” / “redact” is nice.
In the past i implement a old idea for Django here: GitHub - jedie/django-user-secrets: Store user secrets encrypted into database
The main idea behind it: store “secrets” encrypted with the user login password. So the plain-text secret is only available in the scope of the login user.
Details here: GitHub - jedie/django-user-secrets: Store user secrets encrypted into database
Maybe this is also a idea for YunoHost?!?