edgedb-cli
edgedb-cli copied to clipboard
Consider not to store password in plain text
foxpro:~$ edgedb instance credentials -I dev
┌──────────────┬───────────┐
│ Host │ localhost │
│ Port │ 10703 │
│ User │ edgedb │
│ Password │ <hidden> │
│ Database │ edgedb │
│ TLS Security │ Default │
└──────────────┴───────────┘
it's hidden
, but actually stored in plain text.
foxpro:~$ cat /home/foxpro/.config/edgedb/credentials/dev.json
{
"port": 10703,
"user": "edgedb",
"password": "Iszh3PvXuq5h8S3eyBgaqoDS", <- wtf?
"database": "edgedb",
"tls_cert_data": "...",
"tls_ca": "...",
"tls_security": "default"
}
I'm not security expert, but seems like it's bad idea.
I can suggest to show prompt for password and let user store it as they wants. For example, it can be done with PGP
or age
encryption.
I don't think we're very special here, as storing credentials in plain text by default is something that devtools do regularly, take any CLI from awscli
to docker
to gh
.
That said, I agree that we should implement support for credential helpers a-la git (and maybe have an opt-in helper to store secrets in system keychain).
I do not know how the current implementation is, though perhaps make sure to create the file with a 600 or 640 mode at most, to avoid other users reading the file after guessing the path (it is a well known location at the end).
Take for example SSH, which requires the individual keys to be 600, for exactly this reason.