untitledgoosetool icon indicating copy to clipboard operation
untitledgoosetool copied to clipboard

Published 20 hours ago verified publisher icon cisagov

UN/PW Question/Idea

Open bbhorrigan opened this issue 1 year ago • 2 comments

I've been playing with the tool this afternoon, and it seems pretty well put together. Great job! do you know if you have plans or ideas to deal with having the username and password in the .conf and .d4iot_conf files? Maybe some type of OAuth or secret authentication that would allow me to not have to store those credentials. Maybe some type of guide that explains how to hash them? In the Gov Space, we are not allowed to store passwords in clear text.

Thank you for putting the work into this tool.

What is the work, as a high-level summary?

Update authentication method so that we can remove the need to store UN/PW in clear text.

Why does this work belong in this project?

N/A

Implementation notes

N/A

Acceptance criteria

How do we know when this work is done?

  • [ ] Criterion

bbhorrigan avatar Mar 23 '23 22:03 bbhorrigan

Thank you for bringing this up. We're currently looking into the best way to implement the request.

victoriawallace-cisa avatar Mar 24 '23 15:03 victoriawallace-cisa

Appreciate the time, good job on the tooling.

bbhorrigan avatar Mar 24 '23 16:03 bbhorrigan

Just adding a note as I wont be entering usernames/passwords into a plain text file. If we prompted like the usual for token access (web authentication) that would be fine!

MBstatsara avatar Mar 27 '23 16:03 MBstatsara

I've been playing with the tool this afternoon, and it seems pretty well put together. Great job! do you know if you have plans or ideas to deal with having the username and password in the .conf and .d4iot_conf files? Maybe some type of OAuth or secret authentication that would allow me to not have to store those credentials. Maybe some type of guide that explains how to hash them? In the Gov Space, we are not allowed to store passwords in clear text.

Thank you for putting the work into this tool.

What is the work, as a high-level summary?

Update authentication method so that we can remove the need to store UN/PW in clear text.

Why does this work belong in this project?

N/A

Implementation notes

N/A

Acceptance criteria

How do we know when this work is done?

  • [ ] Criterion

+1 on this

Pavel-Sushko avatar Mar 27 '23 20:03 Pavel-Sushko

Agree with comments above, I was pretty excited to use this tool but not if I have to store username and passwords in cleartext.

sbailey8800 avatar Mar 28 '23 18:03 sbailey8800

Hello, the feature has been added. Please let us know if this is what you are looking for.

victoriawallace-cisa avatar Apr 05 '23 22:04 victoriawallace-cisa

Fantastic add, good job, this is working as intended.

bbhorrigan avatar Apr 06 '23 14:04 bbhorrigan