fotingo
Remove secrets from configuration
It's generally accepted that keeping secrets on disk in unencrypted files is a _Bad Idea_™. Having secrets inside the fotingo configuration keeps me from publishing it alongside my other dotfiles.
There are probably multiple ways to approach the issue. What I think would make sense is the ability to specify a program to fetch the JIRA password/GitHub API key. A user could then use e.g. pass, command-line access to the system keychain (e.g. for macOS) or any other tool that outputs the password to stdout.
Another option would be to read from an environment variable, like the AWS command-line tools.
Either way, fotingo wouldn't have to deal with any cryptographic operations.
There are probably other approaches, but these ones are consistent with what I've seen in other command-line tools.
I looked at the code, and it seems like it would be easier to use environment variables, or read the secrets via command once and keep them in memory. However, it would be more secure to use the command approach and call the command each time, but that would require some changes in http-client. I would think that auth.password would therefore have to be a function, which would either be R.always(pass) for a string password, or a function that calls the specified command (child_process.execSync). The configuration format would then need some way of indicating whether the password is a string or command. Perhaps the command could be specified as an object, then the decision to use string/command processing would be based on the type?
I think I could probably work on this.
I'm sorry, I didn't realize this issue had been created until today. I totally agree that saving the password in plain text in the config file is not good at all.
For now, I have a ~/.fotingo file with the credentials, and you can have a fotingo file in the repository with only the shareable data.
I'll dedicate some more time later to think about a possible implementation, but definitely it is something that needs to be done.