fix: enhance TextField component to handle sensitive configuration

[tuantran0910]

Closes #4417

📑 Description

In the provider configuration UI, sensitive fields such as bot_token (e.g., in the Telegram provider) are correctly rendered with type="password" to hide their values. However, the actual token value is still visible in the DOM (e.g., through browser dev tools), defeating the purpose of marking it as sensitive.

Before:

After:

NOTE: One drawback is that you can no longer view the previously hidden secret configuration in the installed provider.

✅ Checks

• My pull request adheres to the code style of this project
• My code requires changes to the documentation
• I have updated the documentation as required
• All the tests have passed

[vercel]

@tuantran0910 is attempting to deploy a commit to the KeepHQ Team on Vercel.

A member of the Team first needs to authorize it.

[shahargl]

@tuantran0910 let's make it optional with some environment variable? I don't want to change the default behaviour

[shahargl]

see comment

[tuantran0910]

Hi @shahargl, I have added an environment variable to hide sensitive field. You have a check at my commits: 65dc642

[shahargl]

@tuantran0910 yea so in Keep we do not use NEXT_PUBLIC_ env vars since they are baked in build time and not in run time. What you'll need to do is to add it as KEEP_HIDE_SENSITIVE_FIELDS and add it in useConfig and getConfig

[tuantran0910]

Hi @shahargl, can you review this again ? I have modified the environment variable name, also added it in useConfig and getConfig.

[tuantran0910]

Sorry, seems that it is still not working, which made the test failed, will resolve asap.

[tuantran0910]

It's fine now :D

[shahargl]

lgtm

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
keep	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 12, 2025 10:16am