Don't write token to ~/.config/lab/lab.toml if environment is used

[doronbehar]

Hello

Running lab for the first time. The experience is still not fluid as with gh by GitHub, but still it's a nice to have!

I am trying to avoid putting tokens and passwords in configuration files. I tried to use the $LAB_CORE_TOKEN environment variable, and lab managed to authenticate, but I noticed that the token is never the less written into ~/.config/lab/lab.toml. Why is that? Doesn't make sense to me.

[prarit]

Oh interesting. I'm going to play around with this and see what I can come up with. What you said makes complete sense to me; if the TOKEN is specified on the command line it shouldn't be saved to the toml file.

[prarit]

Hi @doronbehar . My apologies for not getting to this sooner. I finally found some time to investigate this issue.

I did

LAB_CORE_TOKEN="<secret> lab mr list

and do not see that the lab.toml file is overwritten? Is there some command you executed where the file was written?

[doronbehar]

and do not see that the lab.toml file is overwritten?

Should I understand from https://github.com/zaquestion/lab/pull/868 that you did find the place where the config is written?

Is there some command you executed where the file was written?

I'm pretty sure it was lab project create.

[prarit]

@doronbehar is there any chance you could try to reproduce using latest lab top-of-tree? I did

cp ~/.config/lab/lab.toml /tmp/lab.toml.hold
# edited ~/.config/lab/lab.toml to remove the token entry
LAB_CORE_TOKEN="<secret>" lab project create

And I do not see that the ~/.config/lab/lab.toml is overwritten? I could be doing it differently than you are.