
Remove secrets from configuration #49

Open
alanpearce opened this issue Jun 15, 2017 · 1 comment
Comments

@alanpearce (Contributor)

It's generally accepted that keeping secrets on disk in unencrypted files is a _Bad Idea_™. Having secrets inside the fotingo configuration keeps me from publishing it alongside my other dotfiles.

There are probably multiple ways to approach the issue. What I think would make sense is the ability to specify a program to fetch the JIRA password/github API key. A user could then use e.g. pass, command-line access to the system keychain (e.g. for macOS) or any other tool that outputs the password to stdout.

Another option would be to read from an environment variable, like the AWS command-line tools.

Either way, fotingo wouldn't have to deal with any cryptographic operations.

There are probably other approaches, but these ones are consistent with what I've seen in other command-line tools.

I looked at the code, and it seems like it would be easier to use environment variables, or read the secrets via command once and keep them in memory. However, it would be more secure to use the command approach and call the command each time, but that would require some changes in http-client. I would think that auth.password would therefore have to be a function, which would either be R.always(pass) for a string password, or a function that calls the specified command (child_process.execSync). The configuration format would then need some way of indicating whether the password is a string or command. Perhaps the command could be specified as an object, then the decision to use string/command processing would be based on the type?

I think I could probably work on this.

@tagoro9 (Owner) commented Jul 25, 2017

I'm sorry, I didn't realize this issue had been created until today. I totally agree that saving the password in plain text in the config file is not good at all.

For now, I have a ~/.fotingo file with the credentials and then you can have a fotingo file in the repository with only the shareable data.

I'll dedicate some more time later to think about a possible implementation, but definitely it is something that needs to be done.
