Safer token storage - Githubissues

himynameisdave / git-labelmaker

:flags: Manage your GitHub labels from the command line!

MIT License

575 stars 33 forks source link

Safer token storage #14

Closed himynameisdave closed 8 years ago

himynameisdave commented 8 years ago

See if we can lock that token.json file down or something, or store it as an env variable and then check it out every time?

Very least some kind of chmod so an malicious attack would have to sudo at least (?)

himynameisdave commented 8 years ago

Asked a question on the stackoverflows

Jameskmonger commented 8 years ago

Can I pick this up @himynameisdave ?

himynameisdave commented 8 years ago

Yes, what is your plan of action?

Jameskmonger commented 8 years ago

I'd like to use https://github.com/buttercup-pw/buttercup-core to encrypt the tokens. We could allow the user to choose a password which they can remember, which will be used to encrypt/decrypt the password in the buttercup archive.

himynameisdave commented 8 years ago

@Jameskmonger yeah I'm cool with that solution :+1:

himynameisdave commented 8 years ago

@Jameskmonger when you open a PR for this, please merge it into the v0.7.0 branch, which is my working branch for all of the 0.7.0 milestone stuff