[Secrets] Add a validation to check for variables that are candidates for secret: true #1554

Closed

Description

As part of the effort to drive adoption for secrets and improve the security of Fleet and Integrations, we'd like to start notifying integration maintainers when their integrations contain variables that are candidates for secrets.

"Candidate" fields should include, but aren't limited to:

  • Variables of type password
  • Variables with common names like password or api_key or api_token
  • ...

This notice/warning should not be blocking at this time, and should just serve to notify users.

We should also have a way to ignore this warning by decorating a given variable definition with a comment or flag, e.g.:

```yaml
my_variable:
  # elastic-package-ignore/should-be-secret
  api_key:
    type: string
```
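
A sketch of the check this issue asks for, added here as an example; it is not elastic-package's own code. It assumes variables are declared as a list of `- name:` entries with `type:` and `secret:` keys, that the ignore comment sits directly above the entry it suppresses, and that name matching is a case-insensitive substring match on the three names listed above. A regex scan stands in for a real YAML parser.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample manifest; the vars-list layout is an assumption.
const sample = `vars:
  - name: hosts
    type: text
  - name: credential
    type: password
  - name: api_key
    type: text
  - name: password
    type: password
    secret: true
  # elastic-package-ignore/should-be-secret
  - name: api_token
    type: text
`

const ignoreMarker = "# elastic-package-ignore/should-be-secret"

var (
	entryRe  = regexp.MustCompile(`(?m)^[ \t]*-[ \t]*name:[ \t]*`)
	secretRe = regexp.MustCompile(`(?m)^\s*secret:\s*true\b`)
	typeRe   = regexp.MustCompile(`(?m)^\s*type:\s*password\b`)
	hintRe   = regexp.MustCompile(`(?i)password|api_key|api_token`)
)

// SecretCandidates returns one non-blocking warning per candidate variable.
func SecretCandidates(manifest string) []string {
	var warnings []string
	blocks := entryRe.Split(manifest, -1) // blocks[0] is the text before the first variable
	for i := 1; i < len(blocks); i++ {
		fields := strings.Fields(blocks[i])
		ignored := strings.HasSuffix(strings.TrimSpace(blocks[i-1]), ignoreMarker)
		if len(fields) == 0 || ignored || secretRe.MatchString(blocks[i]) {
			continue // already secret, explicitly ignored, or unnamed
		}
		if name := fields[0]; typeRe.MatchString(blocks[i]) || hintRe.MatchString(name) {
			warnings = append(warnings, name+": candidate for secret: true")
		}
	}
	return warnings
}

func main() { fmt.Println(strings.Join(SecretCandidates(sample), "\n")) }
```

Because the function only returns warnings, a caller can print them without failing the build, which matches the non-blocking behaviour requested above.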

Labels: Team:Ecosystem (Label for the Packages Ecosystem team)
