Secret Support for MultiHttp and Scripted checks
jacob-martinez-cw opened this issue · 1 comments
What would you like to be added:
We are looking into using MultiHttp to first grab an oauth2 token and use this token on subsequent request, since HTTP checks do not support oauth2 out of the box. Ideally we would like to add an option to pass the client secret as a blocked out field once saved that is not viewable again.
Why is this needed:
Security reasons to not expose the client secret to any user with check edit access.
Additional context
Add any other context or screenshots about the feature request here.
Thanks for the feature request @jacob-martinez-cw! We've had some talks about secrets management, but we don't have anything super solid on the roadmap at the exact moment. I'll bring this up with the team again to see what we can do.