Hello! We’ve been using DatoCMS on our company and have been very satisfied with the results. Random point, but I’d like to say that we’ve found the tool through the Contentful forums, where they have an unclosed issue (for years!) about mismatched GraphQL content schemas, and someone linked the forums here where the issue was promptly fixed.
Either way, we’re really missing a secret management/injection tool in Dato. Something akin to how Github actions handles secrets is a good reference for this.
The main use of this tool would be for stuff like triggering the webhooks, where right now, you can set up custom headers, but they’re saved as plaintext and anyone can see/edit them. This would also be useful in plugins like the Web Previews, where the same situation is true.
In short:
- Panel in settings that allows to manage secrets where:
- Saved secrets do not display their value and can only be changed - not viewed
- Deletion of secrets is possible
- Secret management is a possible permission target
- Places in the interface where you’re able to set your own API routes - such as webhooks and Web Previews - can take secrets as inputs to headers/json data values