fix: Credentials obfuscation

[alexluong]

implements #148

• Obfuscate credentials
• Support credentials update
  • Remove webhook obfuscation for now for secret rotation logic

Approach

In the credentials schema, we added a sensitive field. Then, the registry (provider) adds a method ObfuscateDestination which reads the metadata & obfuscate the sensitive values.

For webhook provider, it overrides the default obfuscate function to provide more fine-tuned obfuscation logic.

Result:

RabbitMQ

"credentials": {
	"password": "****",
	"username": "guest"
}

AWS

"credentials": {
	"key": "****",
	"secret": "****",
	"session": "****"
}

Webhook

"credentials": {
	"secrets": "[{\"key\":\"****\",\"created_at\":\"2024-01-01T00:00:00Z\"}]"
}

[alexbouchardd]

Can we keep the first 4 value by default and maintain the length of the value (replace characters with "*"). If the secret is too short =< 8 characters then it should be fully obfuscated