Replies: 2 comments
-
|
I'm a bit reluctant to this request, since it's not totally clear to me, how it should behave in detail? Also I see the work that's needed to implement a new Since not all secrets need to be a You said a So it's currently more like a pattern, which involves a I'd like to hear what @lihaoyi thinks about secrets in Mill. |
Beta Was this translation helpful? Give feedback.
-
|
There is probably something here, but we would need to be clear about what kind of security model we are proposing. Right now, Mill assumes there is no security boundary, so secrets "kept in memory", "cached on disk", or "passed by the user" are all in the same domain. IMO this probably should be discussed more rigorously before we can define exactly what the problem space is, and what concrete thread model we want to mitigate. Until then, it's too early to talk about |
Beta Was this translation helpful? Give feedback.
-
None of the task types provided by default are ideal for handling secrets like credentials.
T.workeris close, but keeps the value in memory in the long-running background process.T.inputseems ideal for reading credentials out of environment variables and such, but it writes the secret to disk which is obviously not what you'd want.A
T.secretwould work similarly toT.input, but would not write the return value to JSON. The hash value could still be stored so that caching works the same way (it would need to be looked into if the default.hashCodewould be appropriate, or if we should do something like use Java serialization run through a cryptographic hash and take the first couple bytes to use as the hash).This is also a usability boon because it offers an obvious thing to use for sensitive values for new users of mill who haven't dug into each type of task and the cache system.
A workaround for users in the meantime would be to use
T.inputwith a customcase class Secret[A](a: A)which has a JSON serializer which always outputsnull.Beta Was this translation helpful? Give feedback.
All reactions