Passphrase is an application that stores credentials, like passwords and SSH private keys. Currently, there is a "Show Secret" action which reveals the plain text of the password or SSH key.
In some cases this is desirable (e.g., using Passphrase to store a low-importance credential like a guest wifi password).
However, in some cases it's not all that great, and it would be nice to completely prevent access to secrets. For example, some secrets are used to give Phabricator access to remote repositories. In these cases, no user ever needs to retrieve the secret, so preventing retrieval of the secret reduces the risk of account compromise: even if an attacker compromises an account, they won't be able to see the secrets.
To accomplish this, we can add a "Lock Permanently" action to Passphrase. Implementation will be similar to the "Close Poll" option added in D8846.
- Add an `isLocked` parameter to PassphraseCredential and the storage table.
- Add a TYPE_LOCK transaction.
- Add a "Lock Permanently" action to the UI. This should pop a dialog asking the user to confirm that they never ever want to see the credential ever again, then lock the credential.
- When a credential is locked, the "show secret" action should be disabled, and the user should be told that they can never ever see the secret ever again if they click it.
- When a credential is locked, the secret should probably not be editable. (This might be a bit tricky and could happen in a followup.)
- When a new credential is created, it would be nice to have a checkbox like `[ ] Permanently lock this credential` to make it easier to create locked credentials.