bnw / firefly-iii-fints-importer

Import financial transactions from you FinTS enabled bank into Firefly III.
GNU Affero General Public License v3.0
157 stars 23 forks source link

Encrypt configurations using GPG #68

Open jadyndev opened 2 years ago

jadyndev commented 2 years ago

I'm considering to add the option for encrypted configurations. This way the credentials are protected against someone reading your config files. (run-time attacks would still be possible of course. And if you loose your private key that won't help either.)

To implement this properly (not calling executables with exec()) I'd use this extension: https://pecl.php.net/package/gnupg which needs to be installed on the system / docker container and included into php.ini

Is this something people would use/are interested in? If so I'd implement that.

Keep in mind that the gnupg package can only be used under Linux.

bnw commented 2 years ago

Hi, thanks for your suggestion.
Note that you can leave the bank credentials empty in the config. Then, you will only be queried for these during the import process.
While I don't want to stop you, personally, I feel that entering my banks username/password is about as complex as providing a key file (and possibly a password for that). So I'm not sure that this is worth implementing.

jadyndev commented 2 years ago

I'm currently not supplying the credentials in the file which works just fine. As I'm using smart-cards for my gpg keys, I don't need a key file or password for it and I can just decrypt data using gpg agent and my smart cards. I get that it's a bit of a rare setup I'm running here. But I'm personally very interested in automating the import completely: As in having a cronjob / systemd-timer or something similar running the import daily and having encrypted configs would be a nice feature.