Skip to content

fix(config): mask secret key input during exo config add (SC ID: 170579)#810

Merged
natalie-o-perret merged 3 commits intomasterfrom
fix/config-add-mask-secret-key
Mar 12, 2026
Merged

fix(config): mask secret key input during exo config add (SC ID: 170579)#810
natalie-o-perret merged 3 commits intomasterfrom
fix/config-add-mask-secret-key

Conversation

@natalie-o-perret
Copy link
Contributor

@natalie-o-perret natalie-o-perret commented Mar 10, 2026
edited
Loading

Description

This PR introduces improvements to the handling of secret keys in the configuration workflow, updates dependencies to enhance security and compatibility, and upgrades CI tooling for better linting.

The most notable change is that secret keys are now hidden during input, addressing a previous security issue.

Security and UX improvements:

  • Secret key input for exo config add is now hidden from plain text display, using term.ReadPassword to mask input. This prevents accidental exposure of sensitive information.
  • Added a bug fix entry to CHANGELOG.md documenting that the secret key is no longer shown in plain text during configuration.

Dependency updates:

  • Added golang.org/x/term import in cmd/config/config_add.go to support secure password input.
  • Updated go.mod to specify toolchain go1.25.8, ensuring compatibility with the latest Go tooling.

CI/CD improvements:

  • Upgraded golangci-lint-action from v6 to v7 in .github/workflows/golangci-lint.yml and enabled only-new-issues to focus linting on new code issues.

Checklist

(For exoscale contributors)

  • Changelog updated (under Unreleased block, and add the Pull Request #number for each bit you add to the CHANGELOG.md)
  • Testing

Testing

Manual Testing + e2e

@natalie-o-perret natalie-o-perret force-pushed the fix/config-add-mask-secret-key branch 4 times, most recently from 65feb46 to 15ed3ca Compare March 10, 2026 11:08
@natalie-o-perret natalie-o-perret marked this pull request as ready for review March 10, 2026 11:19
@natalie-o-perret natalie-o-perret force-pushed the fix/config-add-mask-secret-key branch 2 times, most recently from 4264f0d to 7131f70 Compare March 10, 2026 11:44
@natalie-o-perret natalie-o-perret requested a review from a team March 10, 2026 15:32
@natalie-o-perret natalie-o-perret changed the title fix(config): mask secret key input during exo config add fix(config): mask secret key input during exo config add (SC ID: 170579) Mar 10, 2026
habfast
habfast reviewed Mar 11, 2026
View reviewed changes
@natalie-o-perret natalie-o-perret force-pushed the fix/config-add-mask-secret-key branch 2 times, most recently from 6cefcee to e733467 Compare March 11, 2026 08:27
@natalie-o-perret natalie-o-perret marked this pull request as draft March 11, 2026 08:50
@natalie-o-perret natalie-o-perret force-pushed the fix/config-add-mask-secret-key branch from 9a6c93a to 75db98f Compare March 11, 2026 08:53
habfast
habfast approved these changes Mar 12, 2026
View reviewed changes
Copy link
Contributor

@habfast habfast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image

@natalie-o-perret natalie-o-perret marked this pull request as ready for review March 12, 2026 09:47
@natalie-o-perret natalie-o-perret merged commit 6df7db4 into master Mar 12, 2026
6 checks passed
@natalie-o-perret natalie-o-perret deleted the fix/config-add-mask-secret-key branch March 12, 2026 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@habfast habfast habfast approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@natalie-o-perret @habfast