Potential key leak

[pyhedgehog]

Let's pretend following scenario:

$ fantastic-hookio-cli hook create echo
{"error":true,"message":"\"anonymous\" does not have the role \"hook::update\" which is required to access \"/admin\"\n\nIf you are the owner of this resource try logging in at https://hook.io/login\n\nIf any access keys have been created you can also provide a `hook_private_key` parameter to access the service.","user":"anonymous","role":"hook::update","type":"unauthorized-role-access"}
$ export hook_private_key=12345
$ fantastic-hookio-cli hook create echo
{
  "status": "created",
  "hook": {
    "ctime": 1463162172503,
    "mtime": 1463162172503,
    "name": "echo",
...
    "_rev": "1-eb2043385b3681156281afc2b73fc331",
    "id": "90f540533710a16e333d3bd33b764aea",
    "hookSource": "code"
  }
}

Then you want to run this hook (or some other hook) and forgot to unset $hook_private_key:

$ hook marak/echo
{ hook_private_key: '12345', param1: 'foo', param2: 'bar' }

BTW: I have "fantastic-hookio-cli" skeleton with sketch of hook.io-sdk-python. 😉 Are you interested?

[Marak]

Yes please!