Securely Masked Variables #1468
Comments
@Matt-McHale thanks for the feedback. You can mask headers in reports from CLI. example: for more info run command Can you explain the use-case about masking variables in Output Window?
A similar approach would work when running in interactive mode. When the user clicks the lock button to hide/show the environment variable in the update environment screen. Not only would it be hidden in the Environment UI, it would also be hidden in the output.
OUTPUT:
When running from within VS Code, the user has the option to View->Output (CTRL+SHIFT+U) and select Thunder Client as the source of the output.
The output displayed includes the header information (which exposes these values to the user).
Additionally, when the user chooses to Run All requests in a collection and export the results as HTML or JSON, the request headers include these secret values.
Currently these values are set as variables within the global environment and are not exposed via collection, environment, or request exports.
Why do you need to mask variables in the Output window? This data is only visible to you right? Most users want to see actual values sent to request in console output.
Highest priority is in the run collection export.
The Output window is advantageous because the secrets are populated by a pre-run script that retrieves the values from secured storage (where the user's Active Directory credentials are used to validate the user). While I know just masking the credentials doesn't completely secure them, it is a step in the right direction.
Thanks, got it. You can mask headers in reports from CLI. example: for more info run command Please test above and let me know if you have any issues.
Provide a mechanism for masking variables that would not be included in the console output and in the test exports.
Current Example:
Raw Headers.
Accept: */*
User-Agent: Thunder Client (https://www.thunderclient.com)
Content-Type: application/json
client_id: {{client_id}}
client_secret: {{client_secret}}
Environment Used: Sandbox (Collection Attached)
Request Url: https://www.fakeURL.com
Method: POST
Request Headers:
{
  "client_id": "FakeClientId",
  "client_secret": "FakeClientSecret",
  "content-length": "1279",
  "accept-encoding": "gzip, deflate, br",
  "Accept": "*/*",
  "User-Agent": "Thunder Client (https://www.thunderclient.com)",
  "Content-Type": "application/json"
}
Desired
Raw Headers.
Accept: */*
User-Agent: Thunder Client (https://www.thunderclient.com)
Content-Type: application/json
client_id: {{secure:client_id}}
client_secret: {{secure:client_secret}}
Request Url: https://www.fakeURL.com
Method: POST
Request Headers:
{
  "client_id": "#############",
  "client_secret": "##############",
  "content-length": "1279",
  "accept-encoding": "gzip, deflate, br",
  "Accept": "*/*",
  "User-Agent": "Thunder Client (https://www.thunderclient.com)",
  "Content-Type": "application/json"
}
Using the Paid Version.
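One way the masking requested above could work, as an added example that is not Thunder Client's code and not part of the original issue: values resolved through the proposed `{{secure:name}}` marker are tracked and masked by value in everything written to output or exports, while the real value is still sent. The function names, the fixed-width mask and the `X-Debug` header are assumptions made for illustration.

```javascript
// Added example, not Thunder Client code. {{secure:name}} is the syntax
// proposed in this issue; all function names are hypothetical.
const VAR = /\{\{\s*(secure:)?([\w.-]+)\s*\}\}/g;
const MASK = "########"; // fixed width, so the mask does not leak secret length

// Substitute variables in one template. Values that came from a
// {{secure:...}} reference are collected so they can be masked later.
function resolve(template, env, secrets) {
  return template.replace(VAR, (match, secure, name) => {
    if (!Object.prototype.hasOwnProperty.call(env, name)) return match;
    const value = String(env[name]);
    if (secure && value.length > 0) secrets.add(value); // "" would match everywhere
    return value;
  });
}

// Replace every occurrence of every secret value, longest first so that a
// secret containing a shorter one is masked whole.
function redact(text, secrets) {
  return [...secrets]
    .sort((a, b) => b.length - a.length)
    .reduce((out, s) => out.split(s).join(MASK), String(text));
}

// Returns the request to send and a masked copy for output and exports.
function buildRequest(rawHeaders, url, env) {
  const secrets = new Set();
  const sent = {};
  for (const [k, v] of Object.entries(rawHeaders)) sent[k] = resolve(v, env, secrets);
  const sentUrl = resolve(url, env, secrets);
  // Redact only after all templates are resolved, so the secret set is complete.
  const logged = { url: redact(sentUrl, secrets), headers: {} };
  for (const [k, v] of Object.entries(sent)) logged.headers[k] = redact(v, secrets);
  return { sent: { url: sentUrl, headers: sent }, logged };
}

// Constructed sample input based on the headers shown in this issue.
const env = { client_id: "FakeClientId", client_secret: "FakeClientSecret" };
const rawHeaders = {
  "Content-Type": "application/json",
  client_id: "{{secure:client_id}}",
  client_secret: "{{secure:client_secret}}",
  "X-Debug": "caller={{client_id}}", // same value via a non-secure reference
};
const result = buildRequest(rawHeaders, "https://www.fakeURL.com", env);
console.log(JSON.stringify(result.logged, null, 2));
```

Masking by value rather than by header name means a secret is also hidden when the same variable is referenced elsewhere in the request without the `secure:` prefix.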