>_
.issue.db
/highway-workflow-engine
Dashboard
Issues
Memory
Lessons
Audit Log
New Issue
Edit Issue #319
Update issue details
Title *
Description
## Current State - API never returns secret values (by design) - Only workflow tools.secrets.get_secret returns values ## Problem Legitimate admin use cases require viewing secret values: - Verifying a secret was set correctly - Debugging integration issues - Rotating credentials (need to see old value) ## Solution Add optional secure endpoint with extra authentication: GET /tenant/secrets/<path>/value Requirements: - Requires manage_secrets permission PLUS explicit confirmation - Rate limited (max 10 value reads per hour per user) - Audit logged with full details - Optional: Require MFA/2FA confirmation - Response includes warning about sensitivity ## Alternative: Keep values invisible - Force users to use Vault CLI directly for value access - This is more secure but less convenient ## Acceptance Criteria - New endpoint with enhanced security - Strict rate limiting - Full audit logging - UI shows warning before value reveal
Priority
Low
Medium
High
Critical
Status
Open
In Progress
Closed
Won't Do
Due Date (YYYY-MM-DD)
Tags (comma separated)
Related Issues (IDs)
Enter IDs of issues related to this one. They will be linked as 'related'.
Update Issue
Cancel