From 052fb913d72978a819c4ff1e6b3020144982676a Mon Sep 17 00:00:00 2001
From: Pierre Tondereau
Date: Wed, 23 Mar 2022 11:40:34 +0100
Subject: [PATCH 1/2] Fix lint in CI (deadlink).
---
 ARCHITECTURE.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md
index 1b117879a..a1386a32c 100644
--- a/ARCHITECTURE.md
+++ b/ARCHITECTURE.md
@@ -67,7 +67,7 @@ In general, it's best to keep related commands together, and to avoid cognitive
 ### Guide to adding a new command
-Prior to adding a new command to Rover, you should familiarize yourself with Rover's existing [architecture](./ARCHITECTURE.md) and to make sure that you have discussed the design of the new command in a [GitHub issue](#Using-issues) before submitting a pull request.
+Prior to adding a new command to Rover, you should familiarize yourself with Rover's existing [architecture](./ARCHITECTURE.md) and to make sure that you have discussed the design of the new command in a [GitHub issue](https://github.com/apollographql/rover/issues/new/choose) before submitting a pull request.
 #### Example: `rover graph hello`
From 1b395a57c44c5887a095b3fbb0e34ac065f70c15 Mon Sep 17 00:00:00 2001
From: Avery Harnish
Date: Wed, 16 Mar 2022 13:31:35 -0500
Subject: [PATCH 2/2] feat: adds --insecure-unmask-key to config whoami
previously, running `rover config whoami` would output your entire API key to the terminal. This is not the documented behavior, and it is insecure because someone could be sharing their screen while trying to debug and accidentally leak their API key. now, `rover config whoami` will mask your API key when it prints to the terminal. you can override this behavior by passing the --insecure-unmask-key flag.
---
 src/command/config/whoami.rs | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/command/config/whoami.rs b/src/command/config/whoami.rs
index c0d7f7d35..399124a5c 100644
--- a/src/command/config/whoami.rs
+++ b/src/command/config/whoami.rs
@@ -3,7 +3,7 @@ use rover_client::operations::config::who_am_i::{self, Actor, ConfigWhoAmIInput}
 use serde::Serialize;
 use structopt::StructOpt;
-use houston::CredentialOrigin;
+use houston::{mask_key, CredentialOrigin};
 use crate::anyhow;
 use crate::command::RoverOutput;
@@ -19,6 +19,14 @@ pub struct WhoAmI {
 #[structopt(long = "profile", default_value = "default")]
 #[serde(skip_serializing)]
 profile_name: String,
+
+ /// Unmask the API key that will be sent to Apollo Studio
+ ///
+ /// You should think very carefully before using this flag.
+ ///
+ /// If you are sharing your screen your API key could be compromised
+ #[structopt(long)]
+ insecure_unmask_key: bool,
 }
 impl WhoAmI {
@@ -72,10 +80,17 @@ impl WhoAmI {
 let credential =
 config::Profile::get_credential(&self.profile_name, &client_config.config)?;
+
+ let maybe_masked_key = if self.insecure_unmask_key {
+ credential.api_key
+ } else {
+ mask_key(&credential.api_key)
+ };
+
 message.push_str(&format!(
 "\n{}: {}",
 Green.normal().paint("API Key"),
- credential.api_key
+ &maybe_masked_key
 ));
 eprintln!("{}", message);
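Review bot: The help text on `insecure_unmask_key` names screen sharing as the only exposure, but the later hunk writes the key with `eprintln!`, so an unmasked key also lands in terminal scrollback and in any CI or log capture of stderr. The first line, "Unmask the API key that will be sent to Apollo Studio", can also be read as changing what is sent rather than what is printed. I would reword it to `/// Print the API key in full instead of masking it` and add `/// The unmasked key is written to stderr and will appear in scrollback and captured logs`. The new field also lacks the `#[serde(skip_serializing)]` that `profile_name` carries; that may be intended for a bool, but it is worth confirming wherever this struct is serialized. The struct declaration starts outside this hunk.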
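Review bot: Nothing in this change pins the masked default, so a later edit to `mask_key` or to this `if`/`else` could put the full key back on stderr without any test failing. `mask_key` comes from houston and is not part of this diff, so how much of the key it leaves visible, and what it returns for a very short key, cannot be checked from here. I would add a unit test that builds the message for a dummy key and asserts the output contains the key only when `insecure_unmask_key` is set. Separately, `&maybe_masked_key` in the `format!` call can be plain `maybe_masked_key`, since the macro already borrows its arguments. The enclosing method starts and ends outside the hunk.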