  1. REST Client
  2. MGNLRESTCL-113

Hide sensitive information from the rest call definition query parameters / headers / etc.


Details

    • Improvement
    • Resolution: Fixed
    • Neutral
    • 2.0
    • None
    • None
    • None
    • Yes
    • Yes
    • Declarative REST 14, Declarative REST 15
    • 3

    Description

      As a developer, I want to use values stored in the Password Manager in my REST calls, so that I can connect to APIs but not expose my API keys or secrets.

      Acceptance criteria

      • I can use values from the password manager
      • In a header, parameter, path or body of REST call

      Context

      Many APIs expect a text API key (sometimes called a secret or an API token) to be provided somewhere in the REST call.

      For example: 
      http://api.openweathermap.org/data/2.5/forecast?q=London,us&APPID=11c86e6e92231833a10604185a855418

      Notes

      While working on the DRC presentation, I had configured API tokens in the REST call's headers - this might be a security issue for some users.
      I suggest adding an improvement that would use the Password Manager to hide the sensitive information. We could use a placeholder with a password: prefix to denote that the value should be read from the Password Manager and replaced with the password.

      Example:

      baseUrl: https://example.com
      restCalls:
        foo:
          headers:
            api_key: "{@password:<UUID>}"  # quoted: a plain YAML scalar cannot start with { or @
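
      An added sketch of the placeholder resolution proposed above (not code from the issue or from the REST Client module): secrets are substituted only when the outgoing request is built, a missing id fails closed, and a separate redacted view is kept for logging. The function names, the queryParameters key, the dict-shaped call definition and the sample store are assumptions made for this example.

```python
import re
from urllib.parse import quote

# Placeholder syntax from the issue: {@password:<id>}
PLACEHOLDER = re.compile(r"\{@password:([^{}]+)\}")

# Constructed sample store; the id and the secret are made up for this example.
STORE = {"3f2b6c1e-0000-4000-8000-000000000001": "s3cr3t/key value"}


def resolve(value, store, where):
    """Substitute placeholders in `value`; `where` is 'header', 'path' or 'param'."""
    def lookup(match):
        secret_id = match.group(1)
        if secret_id not in store:
            # Fail closed: never send the literal placeholder to the remote API.
            raise KeyError(f"no secret with id {secret_id!r}")
        secret = store[secret_id]
        if where == "header" and ("\r" in secret or "\n" in secret):
            raise ValueError("secret would break the header line")
        # Path segments are percent-encoded here; params are left to the HTTP client.
        return quote(secret, safe="") if where == "path" else secret
    return PLACEHOLDER.sub(lookup, value)


def redact(value):
    """Log-safe form: the secret id is masked and the secret is never looked up."""
    return PLACEHOLDER.sub("{@password:***}", value)


def build_request(base_url, call, store):
    """Return (wire, log) views of one rest call definition (a plain dict)."""
    parts = (("headers", "header"), ("queryParameters", "param"))
    wire = {"url": base_url + resolve(call.get("path", ""), store, "path")}
    log = {"url": base_url + redact(call.get("path", ""))}
    for field, where in parts:
        items = call.get(field, {})
        wire[field] = {k: resolve(v, store, where) for k, v in items.items()}
        log[field] = {k: redact(v) for k, v in items.items()}
    return wire, log


# Definition shaped like the example in the issue, plus a path and a parameter.
CALL = {
    "path": "/forecast/{@password:3f2b6c1e-0000-4000-8000-000000000001}",
    "headers": {"api_key": "{@password:3f2b6c1e-0000-4000-8000-000000000001}"},
    "queryParameters": {"q": "London,us"},
}
WIRE, LOG = build_request("https://example.com", CALL, STORE)
```

      Only the log view should reach log files, error messages or the configuration UI; the wire view exists for the duration of the request.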
      

              People

                jsimak Jaroslav Simak

                    Time Tracking

                      Estimated: Not Specified
                      Remaining: 0d
                      Logged: 7.5h