ErnestOrt / Trampoline

Admin Spring Boot Locally
http://ernestort.github.io/Trampoline/
Apache License 2.0

Git Credentials should be injected through properties file #43

Closed jtwalraven closed 6 years ago

jtwalraven commented 6 years ago

Git credentials (in the case that Git is not installed on the system) should be injected through the properties file, that way credentials are not published to the git repository. This could be a serious security issue for people that need it.

ErnestOrt commented 6 years ago

Sure. Although if this information is stored in the properties file, it will also be published to the git repository.

So this is the proposal:

Sounds good, @JTWalraven?

image

Looking/evaluating best way to protect credentials wherever.

jtwalraven commented 6 years ago

@ErnestOrt Sorry, I should clarify. I mean to pass it in through the properties using Environment variable injection. For example:

trampoline.git.username=${TRAMPOLINE_GIT_USERNAME}
trampoline.git.password=${TRAMPOLINE_GIT_PASSWORD}
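
A pre-commit check for the placeholder form above, as an added example that is not part of the original comment or of the Trampoline code base. It flags credential keys in a `.properties` file whose value is a literal, whose `${VAR:default}` placeholder carries a literal default, or whose environment variable is unset; the key-name pattern, the function name and the sample file are assumptions constructed for illustration.

```python
import os
import re

# Assumption: a key whose last segment is one of these names holds a credential.
SECRET_KEY = re.compile(r"(^|\.)(username|password|token|secret)$", re.I)
# Spring-style placeholder: ${NAME} or ${NAME:default}
PLACEHOLDER = re.compile(r"^\$\{([A-Za-z_][A-Za-z0-9_.]*)(?::(.*))?\}$")
KEY_VALUE = re.compile(r"([^=:\s]+)\s*[=:]\s*(.*)$")

def audit_properties(text, env):
    """Return (line_no, key, problem) for each credential key that is unsafe."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = KEY_VALUE.match(line)
        if not m or not SECRET_KEY.search(m.group(1)):
            continue  # not a key=value line, or not a credential key
        key, value = m.group(1), m.group(2).strip()
        ph = PLACEHOLDER.match(value)
        if ph is None:
            if value:
                findings.append((no, key, "literal value in file"))
        elif ph.group(2):
            # A default after ':' is committed along with the file.
            findings.append((no, key, "literal default in placeholder"))
        elif ph.group(1) not in env:
            findings.append((no, key, "environment variable not set"))
    return findings

# Constructed sample, not taken from the Trampoline repository.
SAMPLE = """\
# application.properties (constructed)
trampoline.git.username=${TRAMPOLINE_GIT_USERNAME}
trampoline.git.password=${TRAMPOLINE_GIT_PASSWORD}
other.git.password=hunter2
other.api.token=${API_TOKEN:dev-token}
server.port=8080
"""

if __name__ == "__main__":
    for no, key, problem in audit_properties(SAMPLE, os.environ):
        print(f"line {no}: {key}: {problem}")
```
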

jtwalraven commented 6 years ago

I think it would be a good idea to have both the option to pass it in as well as a settings panel. This way, you have an easy-to-use interface, but you also have a way for automated tools to pass in credentials through environment variables without having to modify any specialized files.

jtwalraven commented 6 years ago

I love the design btw! It looks good.

ErnestOrt commented 6 years ago

Thanks @JTWalraven.

Not sure if it should have a high priority to focus on automated tools under the issue exposed. Moreover, we should think about providing a complete API to be able to interact with automated tools, not only regarding git creds (#24).

Let's do the following: under this ticket we can solve the situation where your credentials are being pushed to GitHub, and we create another ticket to implement a complete API. Makes sense?

I've already thought of and tried a good way to implement it, so hopefully tomorrow I am going to submit a PR.

jtwalraven commented 6 years ago

Sounds good! Let me know.