So we're pretty close to a v3 release.
Would be nice to have a --key-location to load the AES key from a separate file instead of using the baked in one.
Another way would be a --key-command which is supposed to give the AES key when run.
None of these options could be encrypted by said AES key, but only obfuscated locally.
This needs to be discussed in SECURITY.md file too.
So we're pretty close to a v3 release. Would be nice to have a
--key-location
to load the AES key from a separate file instead of using the baked in one. Another way would be a--key-command
which is supposed to give the AES key when run. None of these options could be encrypted by said AES key, but only obfuscated locally.This needs to be discussed in SECURITY.md file too.