Please support authinfo for login

nlamirault / emacs-gitlab

A Gitlab client for Emacs

GNU General Public License v2.0

139 stars 30 forks source link

Please support authinfo for login #28

Open xmaillard opened 8 years ago

xmaillard commented 8 years ago

Hello,

it would be awesome to protect our login information inside a GPG protected file like the .authinfo.gpg file.

Thank you. Xavier

xmaillard commented 8 years ago

Here is a sample way it could be done (https://git.framasoft.org/snippets/120):

(defun gitlab--get-password-authinfo (&rest username)
  "Return password for `username' using `authinfo' file."
  (let* ((username (or username (gitlab--get-username)))
     (host (gitlab--get-host))
     (found (car (auth-source-search
            :host host :require '(:secret) :user username))))
    (when found
      (let ((password (plist-get found :secret)))
    (if (functionp password) ;; could be a function check `auth-source-search'
        (funcall password)
      password)))))

(setq gitlab-host "git.framasoft.org"
      gitlab-username "xma"
      gitlab-password (gitlab--get-password-authinfo))

Note: no password cache mechanism

Authinfo could be used also to store the token in return, etc. I feel it more secure than any other mechanism (authinfo can be encrypted).

thomasf commented 8 years ago

you could also just have a gitlab-auth.el.gpg and load that when you require emacs-gitlab.. You don.'t need something special case functionality for this.

I think you need to have this for it to work, then you can just load .el.gpg files as ordinary elisp files using require on that package as usual.

(add-to-list 'load-suffixes ".el.gpg")

I do this as an eval-after-load for several packages which has some kind of auth info to be loaded.

This ofc means that the password usually is loaded into memory as an variable and stays there until I quit emacs which is fine for me for most things.. My gpg key is the only thing I reallly want to protect, everything else is randomly generated 32char strings.

xmaillard commented 8 years ago

True. Though I prefer to have all my auth stuff in one (protected) place. YMMV :)

There is also the password-store CLI (which I have not checked yet).

TLATER commented 6 years ago

Authinfo is the standard for everything else in emacs, why not support that? Authinfo also allows using different backends, making it a lot more convenient for users than encrypting .el files.