The exercism debug command lists a lot of useful information and a request that people post this to a Github issue if they are having problems. If they just copy/paste this information it exposes their full API key.
By redacting the central characters of the API key, it allows copy/pasting and basic verification that the api key is there and that the first and last characters look correct, without exposing the full key, and doesn't require the user to manually obscure the API key.
Proposal:
By default, redact the central characters of the API key so that the full API key is not available.
$ exercism debug
<debug output>
API Key: 5771------------------------b58c
<more debug output>
Add a command line option to show the full api key if this really is necessary.
$ exercism debug --full-api-key
<debug output>
API Key: 5771a11609868802615775105cccb58c
<more debug output>
The
exercism debugcommand lists a lot of useful information and a request that people post this to a Github issue if they are having problems. If they just copy/paste this information it exposes their full API key.By redacting the central characters of the API key, it allows copy/pasting and basic verification that the api key is there and that the first and last characters look correct, without exposing the full key, and doesn't require the user to manually obscure the API key.
Proposal:
By default, redact the central characters of the API key so that the full API key is not available.
Add a command line option to show the full api key if this really is necessary.