Secrets as environment variables similar to normal variables

[lambrospetrou]

Problem to solve

I want to programmatically provide secrets as environment variables instead of the --secret argument.

It makes things easier in some cases, and it's more suitable for some uses like platforms (like Skybear.NET).

Proposal

Similar to how any environment variables can set Hurl variables, like HURL_abc=xyz setting the abc variable with value xyz, it would be great if we could have HURLSECRET_abc=xyz and this is the same as --secret abc=xyz.

Decide if it will be HURLSECRET_key=value or HURL_SECRET_key=value (although this might complicate existing variable logic).

Additional context and resources

In Skybear.NET, the users can set Hurl variables at the account level. Since Hurl 6.1.0 introduced secrets I want to transparently make any specified variable that seems sensitive to be a secret automatically without the user doing anything.

My only option right now is to use the --secret CLI argument, but that is more dangerous since a user could exploit that and break the actual command execution (I have some protections, but at some point someone could workaround it).

Having the ability to do it with environment variables that only Hurl will parse seems a much better approach, and is how I automatically provide the Hurl variables right now.

Tasks to complete

• ...

[fabricereix]

Hello, I have done exactly the same. Adding a --secret access_token=$HURL_access_token at the command-line to make my env variable HURL_access_token a secret.
But It could indeed bring other security issues.

I like the HURLSECRET_key=value solution.