[Main] [STRATCONN-6227] Update documentation and review guidelines to check for type:password #3360
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Comment on lines
+28
to
+30
| - [ ] **Reviewed all field definitions** for sensitive data (API keys, tokens, passwords, client secrets) and confirmed they use `type: 'password'` | ||
| - [ ] **Verified authentication fields** are properly marked with `type: 'password'` where appropriate | ||
| - [ ] **Checked field names and descriptions** for keywords indicating sensitive data: `key`, `token`, `secret`, `password`, `code`, `auth`, `credential`, `bearer` |
There was a problem hiding this comment.
Don't all these three mean the same?
There was a problem hiding this comment.
Pull Request Overview
This PR enhances security documentation and review processes by adding comprehensive guidance for properly marking sensitive fields with type: 'password' across the Action Destinations codebase. This ensures credentials and secrets are properly secured in Segment's infrastructure and excluded from git sync operations.
Key changes:
- Added extensive documentation explaining when and why to use
type: 'password'for sensitive fields - Enhanced PR review guidelines to include security checks for proper password field usage
- Updated the PR template with a security review checklist
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| README.md | Added comprehensive "Password and Secret Fields" section with implementation examples, security rationale, and integration details |
| CONTRIBUTING.md | Added security review checklist for GA releases, emphasizing proper password field configuration |
| .github/copilot-instructions.md | Enhanced code review guidelines to include security and secret detection checks |
| .github/PULL_REQUEST_TEMPLATE.md | Added security review section with checklist for verifying proper handling of sensitive fields |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In this PR, updated documentation and review guidelines to check for type: password
Jira: https://twilio-engineering.atlassian.net/browse/STRATCONN-6227
A summary of your pull request, including the what change you're making and why.
Testing
Include any additional information about the testing you have completed to
ensure your changes behave as expected. For a speedy review, please check
any of the tasks you completed below during your testing.