Add support for retrieving API token from secure storage (read from env var?) #1082

Open
NateEag opened this issue Feb 10, 2023 · 2 comments


NateEag commented Feb 10, 2023

I like to store secrets in my password store, so that they're encrypted at rest.

The exercism CLI currently stores the user's token in plaintext in the user's config file.

A simple way to allow retrieving secrets from secure storage is to read the token from an env var if it's defined, falling back to reading it from local storage only when the env var is undefined. That would allow users to populate their secrets when and how they want, with whatever tools they like.

One idiom I often use is to prepend setting the secret env var to the command, which looks like this:

EXERCISM_API_TOKEN="$(pass show exercism_api_token)" exercism download --track javascript --exercise=factory-sensors

Another approach I've seen is to support configuring a command to retrieve the API token as needed, which allows for one-and-done configuration. That might look something like this:

exercism configure --token-cmd='pass show exercism_api_token'

Populating an env var is conceptually simpler and maybe more flexible, but puts more weight on the user to know how to use it. Users worrying about secure token storage are probably advanced, so the env var seems like the right answer to me.

Regardless of the exact approach, is there interest in adding support for secure API token storage?
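The lookup order proposed in the comment above, as an added Go example that is not part of the original issue or the exercism CLI's code. `EXERCISM_API_TOKEN` is the name used in the comment's example; `ResolveToken`, the argv-style token command, and failing closed on an empty variable are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// Name taken from the issue's example; the CLI is not known to read it.
const tokenEnvVar = "EXERCISM_API_TOKEN"

// ResolveToken (hypothetical helper) returns the token and where it came from.
// Precedence: env var, then token command, then the plaintext config value.
// tokenCmd is an argv slice so the command runs without a shell.
func ResolveToken(tokenCmd []string, configToken string) (token, source string, err error) {
	if v, ok := os.LookupEnv(tokenEnvVar); ok {
		// Defined but empty usually means "$(pass show ...)" failed: fail
		// closed instead of silently using the plaintext config token.
		if v = strings.TrimSpace(v); v == "" {
			return "", "", errors.New(tokenEnvVar + " is set but empty")
		}
		return v, "env", nil
	}
	if len(tokenCmd) > 0 {
		out, err := exec.Command(tokenCmd[0], tokenCmd[1:]...).Output()
		if err != nil {
			return "", "", fmt.Errorf("token command %q failed: %w", tokenCmd[0], err)
		}
		// By pass convention the secret is the first line; the rest is metadata.
		first, _, _ := strings.Cut(string(out), "\n")
		if first = strings.TrimSpace(first); first == "" {
			return "", "", errors.New("token command produced no output")
		}
		return first, "command", nil
	}
	if configToken != "" {
		return configToken, "config", nil
	}
	return "", "", errors.New("no API token configured")
}

func main() {
	_, source, err := ResolveToken(nil, "")
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	fmt.Println("token loaded from:", source) // never print the token itself
}
```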

@github-actions

Hello. Thanks for opening an issue on Exercism. We are currently in a phase of our journey where we have paused community contributions to allow us to take a breather and redesign our community model. You can learn more in this blog post. As such, all issues and PRs in this repository are being automatically closed.

That doesn't mean we're not interested in your ideas, or that if you're stuck on something we don't want to help. The best place to discuss things is with our community on the Exercism Community Forum. You can use this link to copy this into a new topic there.


Note: If this issue has been pre-approved, please link back to this issue on the forum thread and a maintainer or staff member will reopen it.

@SleeplessByte
Member

@NateEag I don't want to speak before my turn but I do believe that at least a late-time passing of the token (second example) would be something we'd be interested in, as well as reading from ENV.

@iHiD iHiD reopened this Feb 13, 2023