Obfuscate credentials before rendering to the front-end #1047
Merged
peterwilsoncc merged 11 commits into develop from Feb 10, 2026
…als that should remain private (like API key) and obfuscate those
…credentials through our new obfuscation class
✅ WordPress Plugin Check Report
📊 Report: All checks passed! No errors or warnings found.
🤖 Generated by WordPress Plugin Check Action
peterwilsoncc (Contributor) left a comment:
A couple of suggestions inline.
They're both fairly paranoid so I'm happy to hear any push back.
Otherwise the code looks good and is testing well.
…f asterisks we look for
…s class so we have more control over those fields
peterwilsoncc approved these changes on Feb 10, 2026
peterwilsoncc (Contributor) left a comment:
I pushed one last paranoid length check in f16a21d.
This is testing well and the code looks good to merge.
Description of the Change
At the moment, we grab all settings when rendering our settings page. This includes any Provider credentials that have previously been saved. This allows us to populate those credential fields with saved values so if any additional saves happen, we don't lose those credentials.
The issue here is that means these credentials are rendered in plain text, both in the API response that gets our settings and in the text inputs themselves. This isn't a huge deal as only administrators have access to these setting pages but it still isn't ideal.
This PR fixes that by adding in a CredentialObfuscator class that will take all the settings we have saved and will then obfuscate just the private credential fields (like API keys). This only happens when we get our settings to display, not when we get the settings to use in API requests. We then check that we don't have obfuscated credentials when saving and if we do, we ignore those credentials (so we don't save obfuscated credentials).
How to test the Change
Changelog Entry
Credits
Props @dkotter
Checklist:
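The display/save round trip described in this PR, sketched as an added example; it is not the plugin's CredentialObfuscator code. The field names, the fixed 16-character mask, the visible 4-character tail and all function names are assumptions made for illustration.

```php
<?php
// Added illustration; all names and the mask format are hypothetical.
const PRIVATE_FIELDS = ['api_key', 'secret']; // assumed private field names
const MASK_LEN       = 16; // fixed width, so the mask does not leak secret length
const TAIL_LEN       = 4;  // trailing characters left visible as a hint

/** Masked form of one secret, for display only. */
function mask_secret(string $value): string {
    if ($value === '') {
        return '';
    }
    // Short secrets get no visible tail: a tail would expose too much of them.
    $tail = strlen($value) >= TAIL_LEN * 4 ? substr($value, -TAIL_LEN) : '';
    return str_repeat('*', MASK_LEN - strlen($tail)) . $tail;
}

/** True when a submitted value is a mask placeholder, not a new secret. */
function is_masked(string $value): bool {
    // Check both the exact length and the leading run of asterisks.
    return strlen($value) === MASK_LEN
        && preg_match('/^\*{' . (MASK_LEN - TAIL_LEN) . ',}/', $value) === 1;
}

/** Obfuscate private fields in settings headed for the browser. */
function obfuscate_for_display(array $settings): array {
    foreach (PRIVATE_FIELDS as $field) {
        if (isset($settings[$field]) && is_string($settings[$field])) {
            $settings[$field] = mask_secret($settings[$field]);
        }
    }
    return $settings;
}

/** Merge a submitted form into stored settings, ignoring masked values. */
function merge_on_save(array $stored, array $submitted): array {
    foreach (PRIVATE_FIELDS as $field) {
        if (is_string($submitted[$field] ?? null) && is_masked($submitted[$field])) {
            unset($submitted[$field]); // placeholder came back: keep stored secret
        }
    }
    return array_merge($stored, $submitted);
}

// Constructed sample data: unchanged key survives a save, a rotated key replaces it.
$stored  = ['api_key' => 'sk-constructed-example-0000abcd', 'model' => 'small'];
$display = obfuscate_for_display($stored);
$saved   = merge_on_save($stored, ['api_key' => $display['api_key'], 'model' => 'large']);
$rotated = merge_on_save($stored, ['api_key' => 'sk-constructed-new-key-9999']);
var_dump($saved['api_key'] === $stored['api_key'], $saved['model'] === 'large');
var_dump($rotated['api_key'] === 'sk-constructed-new-key-9999');
```

A genuine secret that happens to match the mask shape would be silently ignored on save, which is why the placeholder check is kept as narrow as possible.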