Hide values for password fields

Created on 16 March 2022, almost 3 years ago
Updated 25 March 2024, 9 months ago

Problem/Motivation

We put placeholder values for passwords in config files, and then override the config with environment variables. In the admin UI though, Config Override Warn then puts the old and new password values in plaintext at the top of the form.

Steps to reproduce

Override a password field stored in config, and then visit the admin UI page for that password field.

Proposed resolution

Note that a password field has been overridden, but don't display the old or new values. There's no indication in config that something is a password field, so I'd guess it would have to check to see if the form is built using an input of type password.

Remaining tasks

User interface changes

API changes

Data model changes

Feature request
Status

Active

Version

1.0

Component

Code

Created by

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇩🇪Germany c-logemann Frankfurt/M, Germany

    @Nikit
    Yes that's a problem. It would be nice to just control something for password values.

    Already implemented there is a config to hide very value. As long there is no settings form for that we also can use settings.php for this:

    $config['config_override_warn.settings']['show_values'] = FALSE;

Production build 0.71.5 2024