Open xmaillard opened 8 years ago
Here is a sample way it could be done (https://git.framasoft.org/snippets/120):
(defun gitlab--get-password-authinfo (&rest username)
"Return password for `username' using `authinfo' file."
(let* ((username (or username (gitlab--get-username)))
(host (gitlab--get-host))
(found (car (auth-source-search
:host host :require '(:secret) :user username))))
(when found
(let ((password (plist-get found :secret)))
(if (functionp password) ;; could be a function check `auth-source-search'
(funcall password)
password)))))
(setq gitlab-host "git.framasoft.org"
gitlab-username "xma"
gitlab-password (gitlab--get-password-authinfo))
Note: no password cache mechanism
Authinfo could be used also to store the token in return, etc. I feel it more secure than any other mechanism (authinfo can be encrypted).
you could also just have a gitlab-auth.el.gpg
and load that when you require emacs-gitlab.. You don.'t need something special case functionality for this.
I think you need to have this for it to work, then you can just load .el.gpg files as ordinary elisp files using require
on that package as usual.
(add-to-list 'load-suffixes ".el.gpg")
I do this as an eval-after-load
for several packages which has some kind of auth info to be loaded.
This ofc means that the password usually is loaded into memory as an variable and stays there until I quit emacs which is fine for me for most things.. My gpg key is the only thing I reallly want to protect, everything else is randomly generated 32char strings.
True. Though I prefer to have all my auth stuff in one (protected) place. YMMV :)
There is also the password-store CLI (which I have not checked yet).
Authinfo is the standard for everything else in emacs, why not support that? Authinfo also allows using different backends, making it a lot more convenient for users than encrypting .el files.
Hello,
it would be awesome to protect our login information inside a GPG protected file like the .authinfo.gpg file.
Thank you. Xavier