Open ffscl opened 7 years ago
VojtechVitek
commented
7 years ago Thanks for the PR!
This is interesting approach, but I wonder if people would really like to store their credentials into the Supfile itself, which is usually committed somewhere in a git repository.
Check out https://github.com/pressly/sup/pull/107#issuecomment-273289301 for another approach, where you'd be asked for password on-the-fly.
ffscl
commented
7 years ago Thanks @VojtechVitek - we're looking at using this for local Supfiles, not committing to git/sharing. As mentioned in my PR - I believe end users should decide how to secure their Supfiles. This is a simple option that is useful for individuals in environments where ssh keys aren't allowed.
I will wait for #107 if you decide not to merge. :)
VojtechVitek
commented
6 years ago Thank you for the contribution, but I lean towards #107. I don't want Supfiles to be vulnerable by design.
What about the community, what do you guys think?
If there's enough interest, we could potentially use unsecure_password field (to clearly indicate this is a bad idea), but I'd prefer if we didn't. I'll leave this PR open for a bit for discussion.
A basic implementation of password based ssh authentication - I've been using this tool for a while, and it's great. We have some environments that we can't use key-based authentication.
I know in issue #29 there were some concerns raised. I think we need to let the end users decide to secure their Supfiles if they decide to place plaintext passwords in them.