Don't show Service Account JSON contents when set by a constant

[dchenk]

I think an important security feature that should be added is to not display the Service Account JSON field value in the settings panel when the JSON key is set with a PHP constant. What's the point of showing the JSON anyway? The user can't edit it from wp-admin, and they don't need to see it for any reason. This is especially a security threat where I'm letting a client use a bucket that I'm paying for.

I'd like to hear all your thoughts about this. Doesn't it sound like the right thing to do?

Thanks!

[dchenk]

@alimuzzaman or @ewsopp will we be seeing this feature in the next release? I'd really appreciate it.

[alimuzzaman]

@dchenk yes this will be on next release.

[alimuzzaman]

@dchenk @ewsopp how does this look? Any suggestion?
Should I make the box empty or the message is good?

[dchenk]

That's really great. You can even have the textbox not show up but just display the message. Thank you :)

[ewsopp]

Looks good, but adjust the text within the text box...

Currently configured via a constant.

You missed the "a" before constant.

[alimuzzaman]

@dchenk removing isn't good idea.

[alimuzzaman]

@antonkorotkov do you have any idea about what to do with the textarea when not showing the JSON key?

Showing Currently configured via a constant. inside textarea is redundant because it's already exists bottom.

[ewsopp]

It's fine, just leave it as is.