To support the secure storage of runtime external access credentials or tokens, it would be useful to have the ability to set Site Properties as Encrypted.
CA
That would be great if that would be supported by platform by default, you have my vote.
In our project we used a Entity to store that... This is really a great ideia!
Nice to have it.
As a heads up, my Application Framework already does this... Site Properties have a number of places for improvement which are already addressed by using this framework's configuration system (can't import/export, can't control caching, etc.).
https://www.outsystems.com/forge/component-overview/5944/application-framework
J.Ja
If platform supports it by default that would be nice.
Excellent idea Carlos!
I was thinking about this last week but then I found your idea.
+1
This would be very useful +1
It would be nice if OutSystems provides an option in Service Studio to mark a Site Property as Secured for additional security of tokens, and other values that might be set in a Site Property.
After data entry of the Site Property Default Value in Service Studio or Effective Value in Service Center the value should be hidden like it is done with Password inputs.
This is used in applications like Bitbucket too.
Hi Daniël,
Isn’t the goal of your idea somewhat similar to Carlos’ idea?
https://www.outsystems.com/ideas/7639/encrypted-site-properties
Regards,
Nordin
He Nordin,
Your right, funny think I even liked that idea, then forgot about it, so mine can be merged or removed (i cannot remove it myself).
Daniel
If this is not the place to put this apologies but wanted to share our temporary remedy for this in the mean time.
We have a Security Module that handles all org-wide Site Properties that need encrypted that utilizes the following process :
Currently, Site Property values are visible to everyone that as access to it's module. Would be great to be able to set a Site Property has a secret and when that happens it's value would be hidden on Service Center or Studio (similar to what already happens with Password on REST API Basic Authentication) but also encrypted on database.
On Postman, when configuring parameters of an environment we have this option as shown below:
it would be interesting
Hi Patrícia,Thanks for your suggestion. We will be looking into how we could introduce this into our product, but we don't have any specific timeline when this could happen yet.Best regards,Paulo Sebastião
Many times there are properties which are secrets and should not be visible on service center.
Idea is the property value should not be visible on service center, but can be replaced with a new value just like how Azure/AWS/Bamboo secrets work. This can be achieved 2 ways :
A> mark the property as secret so it can be handled by Framework appropriately. On service center value should not be displayed.
B> Any property that have word 'secret' or 'password' in its name - should be treated automatically like a secret with above mentioned functionality.
There is a work around for this via crypto API, but that adds a coding overhead, maintenance overhead, and having properties spread at multiple places.
Thanks !
Vikas
really great idea its sounds good!!
This idea was introduced a few years ago already by OutSystems MVP Carlos Alfaro.
https://www.outsystems.com/ideas/7639/encrypted-site-properties/
Please merge!
Hi Carlos,Thanks for your suggestion. We will be looking into how we could introduce this into our product, but we don't have any specific timeline when this could happen yet.Best regards,Paulo Sebastião
Currently all the Site Properties and we have lots of confidential and secure values in site properties. We really need a feature where we mark a site property as secure and the value is shown as *** the way AWS parameter or Security Manager does. This is must have feature.
Fully agree, this is pretty much a must. The proposed workarounds with encrypting/decrypting to get a round this are too much.
This should be a pretty simple implementation. Hide or Not.
It would be much apprectiated if it could be a default feature, as already provided in ODC by the "set as secret" feature.
Rande is right it could be one functionality similar to ODC
Good Day,
Is there a way for us to masked the value of the current effective value of Site Properties when we view it in service center, instead of displaying the actual value for additional security purposes
Thanks and Regards,
Raphael Laurence Reyno
Please search first if the idea exists already, I will merge it.
Site properties can now be defined as a Secret, as described in the release notes for Platform Server 11.25.https://success.outsystems.com/support/release_notes/11/platform_server/Following our release cycle policy, 11.25 is now available on the OutSystems Cloud and will be available for self-managed installations in a couple of weeks.
This is great news. A really needed feature for secure properties.
Good News. Really useful.