kubelogin icon indicating copy to clipboard operation
kubelogin copied to clipboard

Published 20 hours ago verified publisher icon int128

Added key cache via OS keyring

Open applejag opened this issue 10 months ago • 0 comments

Changed the repository.Repository implementation to use https://github.com/zalando/go-keyring

This means that password tokens are stored in OS keyring instead of in plain text on your disk.

Screenshot from "KDE Wallet Management Tool", the app used to inspect OS keyring on KDE:

Screenshot_20230825_121730

Usage:

- name: oidc
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
        - oidc-login
        - get-token
        - --oidc-issuer-url=https://...............
        - --oidc-client-id=google
        - --oidc-client-secret=...............
        - --force-keyring # <--- new flag
      command: kubectl
      env: null
      interactiveMode: IfAvailable
      provideClusterInfo: false

The code prefers the OS keyring, if supported. Falls back to file based cache. Can be overridden with the new flags:

  • --force-keyring
  • --no-keyring

Closes #952

applejag avatar Aug 24 '23 17:08 applejag