Open Hobadee opened 1 year ago
Yeah, it's definitely a pain to update each session, but the short-lived (90min) token helps.
Any thoughts on keyring? Seems like a nice option since it plays with OS native credential storage.
https://pypi.org/project/keyring/ https://pypi.org/project/keyrings.cryptfile/
Bearer Token is currently stored as an environment variable. This is both insecure and hard to manage.

Insecure because sometimes users root home directories will be readable by others for various reasons. This token should be stored somewhere that can be set mode 0600 without breaking anything. (And ideally check for 0600 similar to how SSH does for ~/.ssh.)

Hard to manage because you either need to set this manually each session, or store it in a .bashrc file or something, which is a pain to update. (And even worse, can leak if you store your dotfiles in a public repo!)

I propose storing this in a subdir of the OS-specific config dir. (Not sure if there is a single environment variable that can tell us this.) Linux: ~/.config/, OSX: ~/Library/Application Support/, Windows: %AppData%/. Perhaps there is an existing Python library to find this dir for us?
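
The storage scheme proposed in this issue, sketched as an added example (not code from the project or from the issue author): a token file in the per-OS config directory, created with mode 0600 and rejected on load if its permissions are wider, similar to the SSH check. The application name and the function names `config_dir`, `save_token` and `load_token` are hypothetical, and honouring `XDG_CONFIG_HOME` on Linux is an assumption added to the locations listed in the issue.

```python
import os
import stat
import sys
import tempfile
from pathlib import Path

APP_NAME = "exampletool"  # hypothetical application name (assumption)


def config_dir(app=APP_NAME, platform=sys.platform, env=os.environ, home=None):
    """Per-user config directory, using the three locations listed in the issue."""
    home = Path(home) if home else Path.home()
    if platform.startswith("win"):
        return Path(env.get("APPDATA") or home / "AppData" / "Roaming") / app
    if platform == "darwin":
        return home / "Library" / "Application Support" / app
    # Linux and other POSIX: XDG_CONFIG_HOME overrides ~/.config when it is set.
    return Path(env.get("XDG_CONFIG_HOME") or home / ".config") / app


def save_token(token, path):
    """Write the token so the file is never visible with a mode wider than 0600."""
    path = Path(path)
    path.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=path.parent)  # mkstemp creates the file 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(token)
        os.replace(tmp, path)  # atomic swap; a reader never sees a partial token
    except BaseException:
        os.unlink(tmp)
        raise


def load_token(path):
    """Read the token, refusing a file that group or others can access."""
    with open(path, "r") as fh:
        if os.name == "posix":  # mode bits are not meaningful on Windows
            st = os.fstat(fh.fileno())  # check the opened file, not the path
            mode = stat.S_IMODE(st.st_mode)
            if st.st_uid != os.geteuid():
                raise PermissionError(f"{path}: not owned by the current user")
            if mode & 0o077:
                raise PermissionError(f"{path}: mode {mode:04o} is too open, use 0600")
        return fh.read().strip()
```

The `platformdirs` package on PyPI provides `user_config_dir()`, which resolves these per-OS locations without hand-written platform checks.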