Improve obfuscation guidelines with further examples (masking, tokens, and passwords)
Description
Obfuscation guidelines for email were added in feat(Obfuscation): add obfuscation guidelines (!3217 - merged)
There are other types of obfuscation in GitLab that could be documented in Pajamas.
Passwords and SSH keys
Passwords and SSH keys might make sense here too
Passwords use the browser default obfuscation:
SSH keys are not obfuscated for now but should probably be. Although, I am not sure if it's because the one in user settings is the public and not the private one
🤔
See also: Password Vue component (#1528)
URL masking
here's the issue: gitlab-org/gitlab#361582 (closed)
Tokens
Here's another example of obfuscating secretive data. The registration token for runners is obfuscated because if someone outside of your org compromises it, they can get access to sensitive data in your jobs. We'll soon be deprecating the registration token, but the same treatment will go for the runner authentication token.
The log in screen is the first interaction users would see. Creating access tokens is another:
Group, project, personal - access tokens feed and incoming email tokens I know there are also
deploy
tokens, but I don't normally see those.
we have a shared reusable component that is used in a few places: https://gitlab-org.gitlab.io/gitlab/storybook/?path=/story/vue-shared-form-input-copy-toggle-visibility--default
I think all of the places this component is used have been mentioned already. I am not aware of other places that have this pattern
Checklist
Make sure the following are completed before closing the issue:
-
Assign the correct component label to this issue. -
Create an MR with the additions or updates needed. -
When applicable, create an issue using the Figma update
issue template to update the component in Figma, and mark it as related to this one. Bring the issue to your team planning session for prioritization and scheduling. -
When applicable, create an MR in GitLab UI to update the component. If you do not have capacity or are unable to update the component directly, create a GitLab UI issue using the Component
issue template. Mark the new issue as related to this one. Bring the issue to your team planning session for prioritization and scheduling. Mark the issue as related to this one. -
When introducing a major or breaking change, communicate the changes within the Engineering Week in Review and UX Weekly meeting. -
🎉 Congrats, you made it! You can now close this issue.