provide a mechanism to store credentials "safely"

[ThomasWaldmann]

For example using https://pypi.python.org/pypi/keyring. This should be optional (from an API point of view), and it should be easy to setup during a first run (interactive use).

[ThomasWaldmann]

while I agree that plaintext passwords in configs aren't very safe(*), I don't see how a keyring is helpful for a service that is usually started automatically at boot time (e.g. by a init script) and runs unattended in the background, even if no user is logged in.

is there some other way to use a keyring that doesn't require the user interactively opening the keyring?

(*) if the dyndnsc service is started as root or as a special service user, file owner/group/mode can help protect the passwords.

[infothrill]

The use case I had in mind is for interactive desktop users who have a login session of sorts and want their desktop machine to be put in DNS. But I fully agree, this is probably something we should leave for "later".

[Technikte]

I think there me and some other which would use it a bit different. I like to use your tool 24/7 to update my home wan ipv4/ipv6 in my domain since my fritzbox can't update it to the right ipv6 adress. (in my ipv6 every host got an public adress..so my fritzbox has an different than my server host) So in this use case I would hardcode my login data plain in the config file. ++