@brandur
Last active August 29, 2015 13:57
Resource Symbols Summary

Resource Symbols

Resource symbols are an added feature to implicit attachments that provide a number of small improvements to the user experience:

  • Obscure sensitive connection strings and secrets when printing to the console.
  • Prevent secrets from leaking into bash history as customers use config:set.
  • Show meaningful values to users that help them associate config vars with the resources they own.
  • For implicit attachments, they allow us to show meaningful errors to users when they try to create an illegal attachment.

They aren't designed to completely block access to sensitive information and will still provide a mechanism for users to reveal their secrets when necessary.

Resource symbols are a rehash of a very old concept at Heroku (originally known as resource masks) that we've traditionally had trouble shipping.

Demonstration

A user adds a resource to their app:

$ heroku addons:add heroku-postgresql:dev -a app-with-addons-122
Adding heroku-postgresql:dev on app-with-addons-122... done, v21 (free)
Attached as HEROKU_POSTGRESQL_COPPER_URL
Your new database is available immediately!.
Use `heroku addons:docs heroku-postgresql` to view documentation.

When listing config, they now see a resource symbol instead of a connection string:

$ heroku config -a app-with-addons-122
=== app-with-addons-122 Config Vars
HEROKU_POSTGRESQL_COPPER_URL: @resource:heroku-postgresql:hoping-sagely-9852

The connection string can still be revealed by issuing a direct get on the name of the config var:

$ heroku config:get HEROKU_POSTGRESQL_COPPER_URL -a app-with-addons-122
postgres://user:pass@host:1234/db

Now, in the same vein as implicit attachments, the resource's symbol can be used to create an attachment to it. Note how this keeps it out of shell history:

$ heroku config:set DATABASE_URL="@resource:heroku-postgresql:hoping-sagely-9852" -a app-with-addons-122
Setting config vars and restarting app-with-addons-122... done, v23
DATABASE_URL: @resource:heroku-postgresql:hoping-sagely-9852

Both config vars now point to the same place:

$ heroku config -a app-with-addons-122
=== app-with-addons-122 Config Vars
DATABASE_URL:                 @resource:heroku-postgresql:hoping-sagely-9852
HEROKU_POSTGRESQL_COPPER_URL: @resource:heroku-postgresql:hoping-sagely-9852

And once again, the original value can be revealed through either one of them:

$ heroku config:get DATABASE_URL -a app-with-addons-122
postgres://user:pass@host:1234/db

By recognizing the format of a resource symbol, we can also provide error messages when the user attempts to create an illegal attachment:

$ heroku config:set DATABASE_URL="@resource:heroku-postgresql:hoping-sagely-9852" -a app-with-addons-122
! That resource is either does not exist or is outside of the visibility of the owner of app-with-addons-122.
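
A minimal model of the behaviour demonstrated above, added here as an example and not Heroku's code: listing shows symbols, a direct get reveals the secret, and setting a symbol is checked against what the app owner can see. The symbol grammar is inferred from the examples on this page, and `ConfigStore`, `IllegalAttachment` and the method names are hypothetical.

```python
import re

# Grammar inferred from the symbols shown above (an assumption):
#   @resource:<addon-service>:<resource-name>
SYMBOL_RE = re.compile(r"@resource:([a-z0-9-]+):([a-z0-9-]+)")

class IllegalAttachment(Exception):
    """Symbol names a resource that is missing or not visible to the owner."""

class ConfigStore:
    """Hypothetical in-memory model of one app's config vars."""

    def __init__(self, app, visible):
        self.app = app
        self.visible = visible  # {(service, name): secret} the app owner can see
        self.vars = {}          # var -> ("resource", key) or ("literal", value)

    def config_set(self, var, value):
        m = SYMBOL_RE.fullmatch(value)
        if m is None:
            self.vars[var] = ("literal", value)
            return
        key = m.groups()
        # One error for "missing" and "not visible", as in the message above,
        # so the reply does not confirm that someone else's resource exists.
        if key not in self.visible:
            raise IllegalAttachment(
                "That resource either does not exist or is outside of the "
                "visibility of the owner of %s." % self.app)
        self.vars[var] = ("resource", key)

    def config_list(self):
        """Listing renders attachments as symbols, never as secrets."""
        return {var: "@resource:%s:%s" % v if kind == "resource" else v
                for var, (kind, v) in sorted(self.vars.items())}

    def config_get(self, var):
        """A direct get is the explicit way to reveal the secret."""
        kind, v = self.vars[var]
        return self.visible[v] if kind == "resource" else v

if __name__ == "__main__":
    sym = "@resource:heroku-postgresql:hoping-sagely-9852"
    store = ConfigStore("app-with-addons-122", {  # constructed sample data
        ("heroku-postgresql", "hoping-sagely-9852"): "postgres://user:pass@host:1234/db"})
    store.config_set("HEROKU_POSTGRESQL_COPPER_URL", sym)
    store.config_set("DATABASE_URL", sym)
    print(store.config_list())
    print(store.config_get("DATABASE_URL"))
```

Because the stored value is a reference rather than a copy of the connection string, both config vars resolve to the same secret and nothing sensitive is typed on the command line.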