feat: Using global private environment to save secrets[INS-4715] #8233
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cwangsmv
force-pushed
the
feat/vault-environment
branch
from
a546711 to
f8cb14d
Compare
cwangsmv
force-pushed
the
feat/vault-environment
branch
2 times, most recently
from
b453cd8 to
bfb3d55
Compare
2.secret key-value pair ui
2.Add basic integration with AWS 3.Add vault secret cache and config UI
2.add a hook to get user plan
2.AWS secret nunjuckt tag config UI
…lobal environment 2.mask all secret items value when export
2.Add download vault key function
2.api and encrypt/decrypt integration
2.add notification and remove secrets
2.Modify rendering logic to expose decrypted secrets to script
cwangsmv
force-pushed
the
feat/vault-environment
branch
from
9b384d8 to
3f66590
Compare
jackkav
reviewed
Jan 8, 2025
ihexxa
reviewed
Jan 9, 2025
| } | ||
| return Reflect.get(target, prop, receiver); | ||
| }, | ||
| set: (target, prop, value, receiver) => { |
There was a problem hiding this comment.
We may not support this?
Another irrelevant minor observation is, when environment.set is called in script, open the environment modal, it will not be shown in the key-value mode until switching to the json mode and back.
There was a problem hiding this comment.
Fixed, do not allow set method in vault script.
For the second issue found, I've created a ticket to fix the bug.
ihexxa
reviewed
Jan 10, 2025
|
|
||
| export const name = 'Environment'; | ||
| export const type = 'Environment'; | ||
| export const prefix = 'env'; | ||
| export const vaultEnvironmentPath = 'vault'; |
There was a problem hiding this comment.
What will happen if vault is an existing key in environment?
There was a problem hiding this comment.
If user has legacy environment with vault as key and enable insomnia vault with vault environments:
- If the legacy environment value is not an object, will throw render Error message telling user to change the environment key
- If the legacy environment value is object/array, will merge existing vault environment values together under vault property
Will add smoke test to cover this
ihexxa
reviewed
Jan 14, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
Leverage global private environment to add built-in support secret management capabilities.
Add a new secret type environment key-value pair to store secret variables with the following features:
We also introduce a new term Vault Key.
Vault key is used to encrypt/decrypt secret environment variables, it is not synced to the cloud, so users need to save the key themselves.
User could reset the vault key, but this will remove local secret environments in all devices.
Add a new UI in Preferences page for management:
Vault secrets can be used in scripts if user set Enable vault in scripts in settings. (Only allow to get vault secret value, set/unset/clear methods are not allowd)
The pattern is
Tasks