Closed GuyLewin closed 5 years ago
You can look at my code for configuring the accounts that is based on this project's setup.
Agreed, duplicate of #34 Since this tool is being used locally on the user's workstation, it's not critical in my opinion. Yet again, we need to fix it - PR is welcome!
Regarding the following code: https://github.com/eshaham/israeli-ynab-updater/blob/5b0399ca3c3d2842a2e392a0eb14939c551e8438/src/helpers/crypto.js#L3-L10
Even if the credentials are encrypted with AES with a preconfigured key, it's still decryptable by simply the file (since the key is on GitHub).
How about moving to using system's keychain management instead? With a cross-platform library such as keytar