flux2 icon indicating copy to clipboard operation
flux2 copied to clipboard
verified publisher icon fluxcd

Flux CLI support for parameters from env vars (at least sensitive ones such as password)

Open canidam opened this issue 3 years ago • 1 comments

Discussed in https://github.com/fluxcd/flux2/discussions/2557

Originally posted by canidam March 21, 2022 Bootstrapping flux with git subcommand using credentials requires the user to provide password over CLI.

  # Run bootstrap for a Git repository and authenticate using a password
  flux bootstrap git --url=https://example.com/repository.git --password=<password>

This is a bad pattern. I find it weird flux doesn't support provide credentials over environment variables or from a file.

Couple of problems with such pattern:

  1. Password is kept in history by default (unless user remembers to start with the command with a space)
  2. Other users on the machine can read the password in clear-text with ps -aux

Why does the flux CLI doesn't support variables from the environment? Is that something worth opening a PR for?

canidam avatar Apr 06 '22 07:04 canidam

I use the git provider for bitbucket server, that's why I need it. I'll open PR to align this with the other providers

canidam avatar Apr 06 '22 07:04 canidam