In Forge, we can add configuration to a dynamic content macro by including a config key in the manifest, and using the <MacroConfig> UI kit component to specify the configuration UI, which will display in a side panel when editing the macro.
As with Connect and P2 macros, any parameter values specified in this config UI are stored with the page content and trivially accessible by end users (e.g. View Source and View Storage Format).
import ForgeUI, { MacroConfig, TextField, render } from '@forge/ui';
const Config = () => {
return (
<MacroConfig>
<TextField name="notsecret" label="This is not a secret"/>
<TextField name="secret" label="This is a secret"/>
</MacroConfig>
);
}
export const run = render(<Config />);
In the above example, the storage format for a page that includes this macro might include something like this:
<ac:adf-parameter key="notsecret">Hello</ac:adf-parameter>
<ac:adf-parameter key="secret">Shhh!</ac:adf-parameter>
Because of this, Atlassian’s guidance is: don’t store sensitive information in macro parameters.
Instead use Forge storage, and in particular the storage.getSecret() and storage.setSecret() APIs.
In an ideal world, the UI kit designers might have considered this guidance and provided developers with a simple way to indicate that a particular macro parameter value should be stored in storage vs page content, e.g. hypothetically something like a storage attribute:
<MacroConfig>
<TextField name="notsecret" label="This is not a secret"/>
<TextField name="secret" label="This is a secret" storage="true"/>
</MacroConfig>
…and the UI kit component could automatically take care of securely storing the value and associating it with the correct instance of the macro.
From what I can tell, nothing like this actually exists.
Developers that wish to offer macro configuration that includes potentially sensitive values are left to solve this themselves.
Equally, <MacroConfig> doesn’t seem to have an onSubmit event or similar that could be used to to intercept the values and handle this storage ourselves.
Are there any examples of how such a thing might be achieved using UI kit?
If not, is it possible to build a macro config UI with Custom UI?
Has anyone else solved this, or a similar issue, before?