cafce25 / twitchctl

Twitch cli

Support Keyring to store Token #11

Closed ModProg closed 3 years ago

ModProg commented 3 years ago

This could be useful https://github.com/hwchen/keyring-rs

ModProg commented 3 years ago

Maybe we could also encrypt with a simple password, if stored on disk

Like ssh-key

hardliner66 commented 3 years ago

Keyring would be nice for security, but wouldn't that force the user to always enter their password when they want to use this tool? Would be pretty annoying for automating things.

> Maybe we could also encrypt with a simple password, if stored on disk

I don't think this is a good idea. There is no real way to do this securely and the gain is minimal. Also, for an attacker to steal this, they would already need access to the device of the user, in which case they could just read the token from memory after it's decrypted.

ModProg commented 3 years ago

True, just wasn't sure if the token should lay around on disk. You are correct that a keyring is either annoying or insecure (if you unlock it permanently).

hardliner66 commented 3 years ago

> True, just wasn't sure if the token should lay around on disk.

Depending on the scenario it shouldn't. If we are talking about personal usage (meaning a person using it on his PC), this is probably the way to go. For automation scenarios (e.g. Docker deployments) the token should be passed via env var.

We can decide to either support both (env var overwrites config) or decide on one of them. Env var would work for both scenarios, but can't be updated automatically as easily as with a config.
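The precedence described in the comment above (env var overwrites config), as an added example that is not part of the original thread and not twitchctl's own code. The variable name `TWITCHCTL_TOKEN`, the `config.toml` path and the `token = "..."` line format are assumptions, and the refusal of a token file that is accessible to group or others is an extra check added here for the on-disk case.

```rust
use std::{env, fs, path::Path};

#[derive(Debug, PartialEq)]
enum Source { Env, Config }

// Hypothetical name, not taken from twitchctl.
const ENV_VAR: &str = "TWITCHCTL_TOKEN";

/// Refuse a token file that group or others can access (Unix only).
#[cfg(unix)]
fn check_private(path: &Path) -> Result<(), String> {
    use std::os::unix::fs::PermissionsExt;
    let mode = fs::metadata(path).map_err(|e| e.to_string())?.permissions().mode();
    if mode & 0o077 != 0 {
        return Err(format!("{} has mode {:o}, expected 600", path.display(), mode & 0o777));
    }
    Ok(())
}
#[cfg(not(unix))]
fn check_private(_path: &Path) -> Result<(), String> { Ok(()) }

/// Assumed config format: a single line `token = "..."`.
fn token_from_config(path: &Path) -> Result<String, String> {
    check_private(path)?;
    let text = fs::read_to_string(path).map_err(|e| e.to_string())?;
    text.lines()
        .filter_map(|l| l.split_once('='))
        .find(|(k, _)| k.trim() == "token")
        .map(|(_, v)| v.trim().trim_matches('"').to_string())
        .filter(|t| !t.is_empty())
        .ok_or_else(|| "no token in config".to_string())
}

/// Env var wins when set and non-empty, otherwise fall back to the config file.
fn resolve_token(env_value: Option<&str>, config: &Path) -> Result<(String, Source), String> {
    match env_value.map(str::trim).filter(|v| !v.is_empty()) {
        Some(v) => Ok((v.to_string(), Source::Env)),
        None => token_from_config(config).map(|t| (t, Source::Config)),
    }
}

fn main() {
    let env_value = env::var(ENV_VAR).ok();
    // Report only where the token came from; the token itself is never printed.
    match resolve_token(env_value.as_deref(), Path::new("config.toml")) {
        Ok((_token, src)) => println!("token loaded from {:?}", src),
        Err(e) => eprintln!("no usable token: {e}"),
    }
}
```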

ModProg commented 3 years ago

Both are supported in my current config implementation.

cafce25 commented 3 years ago

Closing this since I think we all agree we don't really want / need this.