Closed
Description
OS Information
-
OS: Server on Debian 11
-
Browser (if applicable): Chrome
-
Architecture: AMD64
-
coder --version
:Coder v0.5.11-devel+fa957d6d Mon May 23 15:01:32 UTC 2022 https://github.com/coder/coder/commit/fa957d6d6551073abab25f6c020190f8182472ae
Steps to Reproduce
- Add a template to Coder via the CLI, set "sensitive" (template-level) variables such as API key or ServiceAccount
- Log into Coder web UI
- Create workspace from template
- Notice you are prompted for the admin variables, such as ServiceAccount and API key. These should only be defined at the template level
Expected
Sensitive terraform variables should not show up in "Create workspace" UI. The CLI already handles this.
Actual
Notes
I did some preliminary testing and this doesn't appear to override the template variables, posing little security risk. However, it is an incorrect UX for users.