How to proper handle backend only columns in shapes?

[gartz]

First of all, I want to say I really appreciate the concepts behind Electric-SQL—it's an amazing project!

While learning about the shapes for proxy/gatekeeping, I noticed the recommendation to filter out sensitive or backend-only columns to ensure they aren't exposed to the client. However, I observed that the electric-schema header still includes columns that are not part of the shape.

Example

For instance, a users table might include sensitive columns such as salt and password_hash, which shouldn't be synced with the client. However, columns like username and email should be exposed. Despite excluding sensitive columns from the shape, they still appear in the electric-schema header.

Question

What is the best approach to address this issue? Could the documentation provide more clarity on this scenario? Some potential solutions I've considered are:

1. Creating a View Table: Define a database view that includes only the columns the client should access. Use this view in the shape definition instead of the original table.
2. Manipulating the electric-schema JSON: Modify the schema header to include only client-safe columns before propagating it.

Could you provide guidance on the recommended approach or suggest a best practice? Additionally, if a specific method is preferred, it would be helpful to include it in the documentation for others encountering this scenario.

Thank you for your time and for building such an exciting tool!

[KyleAMathews]

This seems like a bug actually :-D The "columns" feature was added fairly recently and it looks like we forgot to filter the schema down to just the selected columns.

You could definitely trim down the schema yourself in the meantime in your proxy but we should be able to get this fixed fairly soon.

[gartz]

Thank you for getting back to me so quickly. I'm glad I could be helpful to the project.