Hide or mask password (or other sensitive content) fields on "Review" step in Scaffolder plugin

Feature Suggestion

Hide or mask password (or other sensitive content) fields on “Review” step in Scaffolder plugin

Possible Implementation

Change the file plugins/scaffolder/src/components/MultistepJsonForm/MultistepJsonForm.tsx to hide or transform data passed to StructuredMetadataTable trough metadata argument. All data in password field would be masked or hidden.

Context

I work for a big company in Brazil and we are starting to adopt Backstage as our portal, since we have more than 400 people in our IT team, with thousands of solutions, and we are planning to give full access to backstage, meaning for developer or not. We are already using Microsoft B2C service to log in all that users.

Nowadays we are implementing some templates aiming to use scaffolder plugin, but we really dont want not developers to create new repos from backstage willing that some magic ready to go service could be generated by that. So we want to use our github permissions to block users that dont have permissions to create a new repo.

I already implement two things: 1 - a custom field to start the github authentication flow and set the GH token as a parameter to scaffolder 2 - an action, based on the builtin initAndPush, to use this token to perform actions on github via API.

The problem is that the token is showed in the “Review” step, and this isnt a good approach for me and submitting a PR is fine for me to have this feature.