Avoid using the secret value in the DevOps SCM verify API
Created by: LinuxSuRen
What would you like to be added:
API: POST devops.kubesphere.io/v1alpha2/scms/github/verify/
Payload: {accessToken: "github_plain_token"}
Suggestion: change the payload to {name: 'secret_name'}
Why is this needed:
There are security issues if users can get a plain secret value. See also the above example:
We should never pass the token to an API. Instead, please pass an ID or name of it.
/area devops
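The payload change suggested in this issue, sketched as an added example (not code from the issue or from KubeSphere): the server accepts only a secret name, refuses a body that carries `accessToken`, and resolves the token itself. The names `verifyRequest`, `secretStore`, `resolveToken` and `verifySCM`, and the in-memory store with its sample token, are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// verifyRequest is the payload shape the issue suggests: a secret reference only.
type verifyRequest struct {
	Name string `json:"name"`
}

// secretStore stands in for the server-side secret backend (hypothetical).
type secretStore map[string]string

// resolveToken parses the body, refuses any field other than "name", and
// looks the token up server-side so it never travels from the client.
func resolveToken(body string, store secretStore) (string, error) {
	dec := json.NewDecoder(strings.NewReader(body))
	dec.DisallowUnknownFields() // a body carrying accessToken is rejected here
	var req verifyRequest
	if err := dec.Decode(&req); err != nil {
		return "", fmt.Errorf("bad payload: %w", err)
	}
	token, ok := store[req.Name]
	if req.Name == "" || !ok {
		return "", errors.New("unknown secret name")
	}
	return token, nil
}

// verifySCM hands the resolved token to check (the SCM call, stubbed by the
// caller) and returns only a boolean, so the token never reaches the response.
func verifySCM(body string, store secretStore, check func(string) bool) (bool, error) {
	token, err := resolveToken(body, store)
	if err != nil {
		return false, err
	}
	return check(token), nil
}

func main() {
	store := secretStore{"github-cred": "constructed-sample-token"} // constructed sample
	check := func(tok string) bool { return tok == "constructed-sample-token" }
	fmt.Println(verifySCM(`{"name":"github-cred"}`, store, check))
	fmt.Println(verifySCM(`{"accessToken":"github_plain_token"}`, store, check))
}
```

Whether the caller is allowed to use the named secret is assumed to be checked before `resolveToken` runs.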