escape secrets that look like variables

[michel-laterman]

fleet-server has a secrets injection where a secret defined in a special index in injected in a policy before it is sent to an agent
elastic-agent has support for escaping variables in an input where if given $${X} then ${X} would be passed to components.

Fleet-server should escape secrets that look like variables before passing them to the agent, so any secret that looks like ${X} would be transformed into $${X}, but secrets that look like they have been escaped are not effected.

[blakerouse]

You should actually escape anything that looks like '${'. Ignore the ending bracket, because even that will cause an issue as then the AST parser will complain that there is no closing bracket.

[michel-laterman]

So far my unit tests show that if an escaped sequence ($$) is under the inputs key it's not altered by the agent, but that the fleet-ui is doing the injection when a value is defined; i think this would also apply to secret values with $$ in them; i'm not sure if this issue is needed, see comment

[ycombinator]

Thanks @michel-laterman. Going to close this issue in favor of elastic/kibana#188377 for now. We can always reopen if needed.