Open parsoj opened 5 years ago
Duplicate of #18, which it seems shouldn't have been closed back then.
https://github.com/wakatime/wakatime/commit/4c3d80873d779821f8abe7c50a521e6f18ec77e7 adds support for reading/writing api key to ~/.wakatime.cfg
with the wakatime command line program, for ex:
wakatime --config-read api_key
or
wakatime --config-write api_key 1234
Now we just need to update wakatime-mode
to execute the wakatime cli when reading and saving the api key instead of writing to init.el
.
Looks like the README says you can use wakatime.cfg
now, but if this is still an issue: as a work around, you can add your key to ~/.authinfo.gpg
, then load from there in your config. The authinfo entry could look something like:
machine wakatime.com password <WAKATIME_API_KEY>
Then in your config:
(setq wakatime-api-key (auth-source-pick-first-password :host "wakatime.com"))
Hi! I really appreciate that you guys put this plugin together!
However - could I ask you to please not use
customize-save-customized
to store your users' api keys? https://github.com/wakatime/wakatime-mode/blob/master/wakatime-mode.el#L109-L116That function stores the customize variables by writing them in plain-text to the user's init.el file
Many emacs users like to keep their configs in revision control - and also like to share their configs with other emacs users (my configs are in a public git repo)
I just caught that my private wakatime API key was actually being published as public information because it was in my init.el file!
I'll come up with a work-around for now - but please keep in mind that you are potentially setting people up to make their private API key public information (because they may not catch that you wrote it to their
init.el
) Thanks!