Skip to content

Bug: "Create workspace" in dashboard prompts user for sensitive (template) parameters #1676

Closed
@bpmct

Description

@bpmct

OS Information

  • OS: Server on Debian 11

  • Browser (if applicable): Chrome

  • Architecture: AMD64

  • coder --version:

    Coder v0.5.11-devel+fa957d6d Mon May 23 15:01:32 UTC 2022
    https://github.com/coder/coder/commit/fa957d6d6551073abab25f6c020190f8182472ae

Steps to Reproduce

  1. Add a template to Coder via the CLI, set "sensitive" (template-level) variables such as API key or ServiceAccount
  2. Log into Coder web UI
  3. Create workspace from template
  4. Notice you are prompted for the admin variables, such as ServiceAccount and API key. These should only be defined at the template level

Expected

Sensitive terraform variables should not show up in "Create workspace" UI. The CLI already handles this.

Screen Shot 2022-05-23 at 12 05 29 PM

Actual

Screen Shot 2022-05-23 at 12 01 12 PM

Notes

I did some preliminary testing and this doesn't appear to override the template variables, posing little security risk. However, it is an incorrect UX for users.

Metadata

Metadata

Assignees

Labels

siteArea: frontend dashboard

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions