Open rexwangcc opened 5 years ago
It would somehow make the tool less secure
I'm not sure I agree; I think caching credentials locally as you suggest reduces the likelihood that someone checks in a script somewhere with credential strings as required:
cromwell-tools abort \ --url xxx \ --username xxx \ ---password xxx \ UUID
I like the approach taken by aws/gcp that you suggest above. Suggest implementing 👍
Right now each time you run the
cromwell-tools
command, it's required to pass in the auth params, such as--username
,--password
and--service-account-key
, it has been a burden to users, since it is too much to type when you just wanna abort a workflow but you have to:Some other CLI tools, such as
aws
,gsutil
orkubectl
are supporting caching the credentials under~/.aws
or~/.config
, so that you could leveragexxx auth select
orxxx config use-credentials
to switch between stored credentials/roles. It would somehow make the tool less secure, but incredibly help improve the user-friendliness. This issue serves as a discussion area to talk if we should add that feature incromwell-tools
, which will cover some commands like:cromwell-tools auth add
cromwell-tools auth select
cromwell-tools auth remove
cromwell-tools auth list