Comcast / go-edgegrid

A Golang Akamai API client and Akamai OPEN EdgeGrid Authentication scheme authentication handler.

Security with authentication tokens #9

Open ghost opened 8 years ago

ghost commented 8 years ago

Greetings,

Thanks for putting this together! We do now have a signing library for Go but it's fine to have more than one.

However, in order to use this as an Akamai signing library, you need to change how you're dealing with the credentials. Putting them in the environment is very insecure and it's important to protect those pieces of information. The other signing libraries (and any signing library for Akamai) use a ~/.edgerc file which can be locked down with permissions.

The format of this file is as follows:

```
[default]
client_secret = xxx=
host = akab-xxx/
access_token = xxx
client_token = xxx
max-body = 131072
```

The section name is used by the signing libraries to know which of the sections to use for the credentials. Please implement this for the signing library. This is done in the other Go repository which will be released shortly.

Thanks, Kirsten
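The locked-down credentials file requested in the comment above could be loaded as follows. This is an added example, not code from go-edgegrid or from Akamai's libraries: `LoadEdgerc` is a hypothetical helper, and both the rule of rejecting any file with group or other permission bits set and the list of required keys are assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
)

// LoadEdgerc (hypothetical helper, not go-edgegrid's API) reads one section of
// an .edgerc-style file and rejects files that group or others can access.
func LoadEdgerc(path, section string) (map[string]string, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	info, err := f.Stat() // stat the open handle, not the path, to avoid a race
	if err != nil {
		return nil, err
	}
	if perm := info.Mode().Perm(); perm&0o077 != 0 {
		return nil, fmt.Errorf("%s has mode %04o, want 0600 or stricter", path, perm)
	}
	creds, inSection := map[string]string{}, false
	sc := bufio.NewScanner(f)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			inSection = line[1:len(line)-1] == section
		} else if k, v, ok := strings.Cut(line, "="); ok && inSection && !strings.ContainsAny(line[:1], "#;") {
			creds[strings.TrimSpace(k)] = strings.TrimSpace(v) // first '=' only: secret keeps its padding
		}
	}
	for _, key := range []string{"client_secret", "host", "access_token", "client_token"} {
		if creds[key] == "" {
			return nil, fmt.Errorf("section [%s] is missing %s", section, key)
		}
	}
	return creds, sc.Err()
}

func main() {
	f, _ := os.CreateTemp("", "edgerc-*") // CreateTemp makes the file mode 0600
	defer os.Remove(f.Name())
	f.WriteString("[default]\nclient_secret = xxx=\nhost = akab-xxx/\naccess_token = xxx\nclient_token = xxx\n") // constructed sample
	f.Close()
	creds, err := LoadEdgerc(f.Name(), "default")
	fmt.Println(creds["host"], err) // print the host only, never the secret
}
```

The permission check reads Unix mode bits, so it is meaningful on Linux and macOS; Windows ACLs would need a different check.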

mdb commented 8 years ago

@synedra Thanks for the feedback!

Note that go-edgegrid does not require that credentials be stored as environment variables; the support is there as a feature should users prefer this method.

The ability to support the use of an ~/.edgegridrc is definitely on the roadmap, though!

Could you please point me to the existing Golang signing library? go-edgegrid was originally developed specifically because Akamai did not previously offer such a package.

njuettner commented 8 years ago

@mdb I was working on that, it's now fully integrated in the Akamai repo, see:

https://github.com/akamai-open/AkamaiOPEN-edgegrid-golang