google-code-export / beets

Automatically exported from code.google.com/p/beets
MIT License

Password/API key in a secure password store #519

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
It would be much safer if beets could use a remote password store to retrieve
the MusicBrainz password & Chromaprint API key (assuming that should stay
private).

I was thinking it could be implemented along the lines of offlineimap's method. 
An example could be found at 
http://www.clasohm.com/blog/one-entry?entry_id=90957 but basically it supports 
loading an arbitrary file that contains functions and being able to reference 
those functions in the configuration.

Original issue reported on code.google.com by colin.p....@gmail.com on 18 Feb 2013 at 7:25

GoogleCodeExporter commented 9 years ago
Interesting idea. It's always a good idea to try to store credentials securely 
in the OS's common encrypted store (e.g., the OS X keychain). In my experience, 
though, it's generally seen as "good enough" to use an API key that can be 
easily revoked (instead of a real password as MusicBrainz uses) and to make 
sure the file is not world-readable.

Maybe we can eventually convince the MusicBrainz folks to use an API key model.

Original comment by adrian.sampson on 18 Feb 2013 at 11:21
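
The "not world-readable" check mentioned in the comment above, as an added example that is not beets code or part of the original thread: it opens the credentials file once, inspects the opened descriptor rather than the path (so the file cannot be swapped between check and read), and refuses to return secrets if the file is exposed. The function name `read_private_file` is hypothetical, and POSIX permissions are assumed.

```python
import os
import stat


def read_private_file(path):
    """Return the text of a credentials file, or raise if it is exposed.

    Hypothetical helper (not a beets API). Raises PermissionError when the
    file is not a regular file, is not owned by the current user, or has any
    group/other permission bit set. A symlink at `path` raises OSError.
    """
    # O_NOFOLLOW: refuse a symlink as the final path component.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        # fstat the descriptor we hold, not the path, to avoid a
        # check-then-read race on the file name.
        st = os.fstat(fd)
        problems = []
        if not stat.S_ISREG(st.st_mode):
            problems.append("not a regular file")
        if st.st_uid != os.geteuid():
            problems.append("not owned by the current user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(
                "group/other permission bits set (mode %o, expected 600)"
                % stat.S_IMODE(st.st_mode)
            )
        if problems:
            raise PermissionError("%s: %s" % (path, "; ".join(problems)))
        with os.fdopen(fd, "r", encoding="utf-8") as handle:
            fd = None  # the file object now owns and closes the descriptor
            return handle.read()
    finally:
        if fd is not None:
            os.close(fd)
```

A caller would fix the mode with `chmod 600` on the file and retry, rather than having the program silently widen or narrow permissions itself.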

GoogleCodeExporter commented 9 years ago
Personally I'd prefer if there was some sort of crypto token that the
server generates & stored in state.pickle. Like OAuth.

Original comment by colin.p....@gmail.com on 19 Feb 2013 at 1:06

untitaker commented 9 years ago

Do not comment here, but on sampsyo/beets#191