
Consider deprecating or at least avoiding credentials as command line arguments

Open Flowdalic opened this issue 3 years ago • 3 comments

Mill currently has at least some Sonatype-related command line options that take credentials as arguments. For example, from the publish task:

  --sonatypeCreds   String (format: "username:password")

Users even potentially provide their gpg passphrase via the command line:

  --gpgArgs --passphrase=<gpgPassword>

Command line arguments are not considered private in some (most?) operating systems' security models. So other users on the same system could easily learn those credentials. Instead, secrets should be obtained via environment variables or (protected) files.

Flowdalic avatar Sep 02 '22 14:09 Flowdalic
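The two halves of the point above, as an added example that is not part of the issue and not Mill's own code: a loader that takes the Sonatype credentials from an environment variable or a user-private file instead of an argument, and a small check that spots the credential-bearing flags named in the issue in a process listing. The variable name `SONATYPE_CREDS`, the config file path under `~/.config/mill/`, and the sample command lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not Mill's code). Two defensive pieces:
#  1) load_sonatype_creds: obtain "username:password" from the environment or a
#     user-private config file rather than from a command line argument.
#  2) flag_secret_args: detection logic that reports command lines carrying the
#     credential-bearing flags mentioned in the issue, run over constructed input.

# Assumed names for this example only (not Mill's actual interface):
CREDS_FILE="${XDG_CONFIG_HOME:-$HOME/.config}/mill/sonatype-credentials"

# Prints "username:password" on stdout, or returns non-zero without printing.
# Lookup order: SONATYPE_CREDS in the environment, then the config file.
load_sonatype_creds() {
    file="${1:-$CREDS_FILE}"
    if [ -n "${SONATYPE_CREDS:-}" ]; then
        printf '%s\n' "$SONATYPE_CREDS"
        return 0
    fi
    [ -f "$file" ] || return 1
    # Refuse a file other users can read: moving the secret off the command
    # line gains nothing if the file is group- or world-readable.
    perms=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$perms" in
        600|400) ;;
        *) printf 'refusing %s: mode %s, expected 600\n' "$file" "$perms" >&2
           return 2 ;;
    esac
    # Expected file content: a single line "username:password".
    head -n 1 "$file"
}

# Reads one command line per line on stdin and prints a redacted copy of each
# line that carries a credential-bearing flag. The patterns are the two
# options quoted in the issue: --sonatypeCreds user:pass and --passphrase=...
# (the latter as passed through --gpgArgs).
flag_secret_args() {
    grep -E -e '--sonatypeCreds[ =]' -e '--passphrase=' \
    | sed -E -e 's/(--sonatypeCreds[ =])[^ ]+/\1<redacted>/' \
             -e 's/(--passphrase=)[^ ]+/\1<redacted>/'
}

# Constructed sample input standing in for `ps -eo args` output, which on most
# systems is visible to every local user.
SAMPLE_CMDLINES='java -jar mill publish --sonatypeCreds alice:s3cret --release true
java -jar mill publish --gpgArgs --passphrase=hunter2
java -jar mill compile'

# Stand-alone usage: report (redacted) which sample invocations leak a secret.
printf '%s\n' "$SAMPLE_CMDLINES" | flag_secret_args
```

On a live system the same check is `ps -eo args | flag_secret_args`; it only tells you whether a build on this host is currently exposing a credential, so the fix remains to move the secret into the environment or a `0600` file as the loader does.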

Yeah, that makes sense. I immediately see two actionable tasks:

  • Add support for reading these credentials from environment variable via T.env.
  • Add some note to the documentation (Pages, ScalaDoc) mentioning the security risks and the alternatives via env variables

lefou avatar Sep 05 '22 09:09 lefou

Yes, that would be a good start. +1

Ideally the sonatype credentials are read from a file under ~/.config/. At least that is how most of my gradle-based projects are set up: IIRC gradle "sources" a file under ~/.config that potentially contains sonatypeUsername and sonatypePassword. Then the project's build script can check if those properties are set, and consume them if so. And instead of providing the gpg passphrase, the gpg-agent is used. It may be worth looking at how gradle did it.

Flowdalic avatar Sep 05 '22 10:09 Flowdalic

Using gpg-agent should work out of the box. It does for me.

lefou avatar Sep 05 '22 10:09 lefou