Closed tadejm closed 8 years ago
Hello @tadejm, thanks for your suggestion. I see one problem in that solution - what if the user has different pivotal tracker accounts?
Also, your pivotal-tracker.token should only be visible on your .gitconfig if you set it through the --global flag or am I wrong?
I see your point. A possible solution would be not to store the pivotal token in the global gitconfig but rather have it specified by project in the <project root>/.git/config. That gives you the flexibility of per project token.
However if you're using a single token for all the projects, having a possibility of setting it as ENV variable decreases a potential security breach (accidental global gitconfig ends in a public repo on GH)
So the logic would be something like:
- gitconfig (either on global or per project level)
- PIVOTAL_TOKEN env variable is set
@tadejm that's the default behaviour. Your PT token doesn't have to be global; you can specify it per-repo, which is how I'm using it regularly. git config pivotal-tracker.token will read from the current repo and fall back to the default value.
@tadejm does @mezis solution work for you?
Yes, that works, though it’s a workaround.
However, I’m still keen on spiking the proposed solution. I’ll let you guys then decide whether you see it as part of the gem or not.
On 23 Oct 2014, at 12:04, Pedro Cunha notifications@github.com wrote:
@tadejm https://github.com/tadejm does @mezis https://github.com/mezis solution work for you?
— Reply to this email directly or view it on GitHub https://github.com/mezis/git-whistles/issues/34#issuecomment-60223115.
Hey @tadejm I'll close this for now. Feel free to open this again if you make any progress / contribute to it. Thank you.
Many of us have .gitconfig committed and pushed in the dotfiles public repo on GitHub.
Myself I store sensitive keys in a .private file which is ignored by git that gets sourced when the env loads.
In order to prevent PT token leaking my suggestion is to check if PIVOTAL_TOKEN env variable exists and take that as a precedence over git config pivotal-tracker.token.
Thoughts?
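The lookup order discussed in this thread, as an added Ruby example that is not code from the gem: PIVOTAL_TOKEN wins, then the per-repo value, then the global value, with a warning when the token comes from the global gitconfig. The names `resolve_token`, `Resolved`, `GIT_READER` and `mask` are hypothetical; only the key and the environment variable name come from the thread.

```ruby
require 'open3'

TOKEN_KEY = 'pivotal-tracker.token' # git config key named in the thread
TOKEN_ENV = 'PIVOTAL_TOKEN'         # environment variable proposed in the thread

# Reads the key from one git config scope ('--local' or '--global').
# Returns nil when the key is unset, when run outside a repository,
# or when git is not installed.
GIT_READER = lambda do |scope|
  out, _err, status = Open3.capture3('git', 'config', scope, '--get', TOKEN_KEY)
  status.success? ? out.strip : nil
rescue Errno::ENOENT
  nil
end

Resolved = Struct.new(:token, :source, :warning)

# env and reader are injectable so the precedence can be tested without git.
def resolve_token(env: ENV, reader: GIT_READER)
  candidates = [
    [:env,    -> { env[TOKEN_ENV] }],
    [:local,  -> { reader.call('--local') }],
    [:global, -> { reader.call('--global') }]
  ]
  candidates.each do |source, fetch|
    value = fetch.call.to_s.strip
    next if value.empty? # an empty or blank value counts as unset
    warning = if source == :global
                "#{TOKEN_KEY} is in the global gitconfig; it leaks if that " \
                "file is pushed with public dotfiles. Prefer #{TOKEN_ENV}."
              end
    return Resolved.new(value, source, warning)
  end
  Resolved.new(nil, :none, "no token: set #{TOKEN_ENV} or git config #{TOKEN_KEY}")
end

# Masks a token for log output, keeping only the last four characters.
def mask(token)
  return '(none)' if token.nil?
  token.length <= 4 ? '*' * token.length : ('*' * (token.length - 4)) + token[-4..]
end

if __FILE__ == $PROGRAM_NAME
  found = resolve_token
  puts "source=#{found.source} token=#{mask(found.token)}"
  warn found.warning if found.warning
end
```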