Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gut stores personal access tokens in clear text #174

Open
snomos opened this issue Mar 30, 2022 · 3 comments
Open

gut stores personal access tokens in clear text #174

snomos opened this issue Mar 30, 2022 · 3 comments
Labels
bug Something isn't working

Comments

@snomos
Copy link
Member

snomos commented Mar 30, 2022

Anyone having access to the computer can take over the GitHub account.

Fix: store in keychain, access through system calls.
@snomos snomos added the bug Something isn't working label Mar 30, 2022
@bbqsrc
Copy link
Member

bbqsrc commented Jun 20, 2022

There is no cross-platform way to do this. This is also the industry standard approach, even github's gh tool does this.

@snomos
Copy link
Member Author

snomos commented Jun 20, 2022

How can it be industry standard to store what amounts to a password in clear text on a local machine?? Unbelievable. Physical access is not necessary to get to the token, just whatever access one can establish. This looks like a nightmare in the making...

@bbqsrc
Copy link
Member

bbqsrc commented Jun 20, 2022

Welcome to 2022, where plaintext tokens are still the norm lol.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bbqsrc @snomos