Limit who can see / change secrets

[aeneasr]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe your problem

Currently, some secrets (e.g. SMTP server and webhook secrets) can be fetched by using the API. Other secrets like the system secret can not be fetched.

Customers have complained that secrets shoold not be visible to everyone who is part of the project.

Describe your ideal solution

• Make all secrets "save & forget" - i.e. they can not be exported
• Make some secrets only visible with a special permission / role

Workarounds or alternatives

None

Version

master

Additional Context

Hiding all secrets will make it more challenging to use an Ory Network config in a self-hosted environment.

[alnr]

To authenticate webhooks, HTTP email servers, and probably also secure SMTP, we could offer mTLS. Pretty easy to implement and proven security.