agent token copy shouldn't retain in a clipboard manager

buildkite / frontend

🌏 The front-end application code for https://buildkite.com

MIT License

137 stars 27 forks source link

agent token copy shouldn't retain in a clipboard manager #788

Closed nhooyr closed 5 years ago

nhooyr commented 5 years ago

When I use the copy for my agent token, it gets put in my clipboard manager's history.

If I copy a password on 1password though, the password is not retained. I'm not sure how 1password does this but buildkite should do this too. I believe GitHub also handles this correctly when copying an access token

ticky commented 5 years ago

Hi @nhooyr, unfortunately whatever your clipboard manager is doing, it’s non-standard. There’s no option in the web clipboard APIs to mark something as “sensitive,” and it’s likely that your clipboard manager is itself identifying clips from 1Password as such. Without knowing what you’re using, or what it’s doing, there’s not really much we can do other than advise you to be careful!

nhooyr commented 5 years ago

Just verified GitHub also doesn't handle this correctly, my bad. 1password is a desktop app so there must be something in the macOS clipboard API or as you said my clipboard manager is detecting which app I copied from.