Remove secrets button

Question

Remove secrets button

Closed this issue 5 years ago · 3 comments

Is it easy to remove the secrets button ?
If you push secrets, select one sealed-secret, push decode : you have the clear password.
For security reasons, I want to disable this, possible ?

Answer 1 · 2020-01-28T12:15:34.000Z

Hi, currently this is not possible. I will have a look at this.

First idea is to introduce an environment variable DISABLE_LOAD_SECRETS (or flag) which disables the loadSecrets() and loadSecret() functions in the fronend. Also the corresponding API endpoints should return a 403 error then.

Answer 2 · 2020-01-28T19:30:59.000Z

Hi @solune, I created a new release 2.1.4, which includes the changes from #4.

Answer 3 · 2020-01-28T20:09:26.000Z

Already !! thanks a lot

…

On Tue, Jan 28, 2020 at 8:31 PM Rico Berger ***@***.***> wrote: Hi @solune <https://github.com/solune>, I created a new release 2.1.4 <https://github.com/ricoberger/sealed-secrets-web/releases/tag/2.1.4>, which includes the changes from #4 <#4>. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#3?email_source=notifications&email_token=ABUNOCSPG6VJCOLNHTN6UPTRACBXLA5CNFSM4KMQY752YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEKES4LY#issuecomment-579415599>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABUNOCVQDGDCVHTSZMYBDVDRACBXLANCNFSM4KMQY75Q> .