Should not store password in plaintext

Comments (7)

1. 

   Seb Ruiz Account Deactivated

   I agree. The configuration file is stored with a permission bit of 0600 to reduce impact.

   I doubt that I will have any time to implement OAuth in the command line tools.

   • 2014-02-05T22:20:55+00:00
2. 

   Alex Varju

   Perhaps https://rubygems.org/gems/ruby-keychain could be integrated...

   • 2014-02-07T23:41:27+00:00
3. 

   Seb Ruiz Account Deactivated

   Naturally, ruby-keychain only supports the OSX keychain. I believe OAuth would be a better implementation as it does not require a password to be stored and is platform agnostic.

   • 2014-02-09T22:06:35+00:00
4. 

   Alexander Renteln

   We had the same problem that we did not want to store any passwords. We came up with an extension of the ssh command interface: Pull-Request Support Via SSH

   This way you can use the ssh key which is in .~/.ssh/ anyway.

   • 2014-06-12T14:02:21+00:00
5. 

   rajsahae

   Other password based config files allow you to use any shell command (such as a gpg command) to retrieve the password.

   goobook and msmtp both use a "passwordeval" key that takes a system command, for example:

   Goobook:

   passwordeval: gpg --no-tty --quiet --decrypt ~/.account-password.gpg
   

   msmtp:

   passwordeval gpg --no-tty --quiet --decrypt ~/.msmtp-gmail.gpg
   passwordeval gpg --no-tty --quiet --decrypt ~/.msmtp-work.gpg
   

   I like this approach as you can use whatever shell command you want to evaluate and return your password.

   You could pull the command in via a yaml string and just execute it.

   • 2015-05-07T22:15:01+00:00
6. 

   rajsahae

   I submitted a pull request for this.

   https://bitbucket.org/atlassian/stash-command-line-tools/pull-request/23/added-passwordeval-capability-to-bin-stash/diff

   • 2015-05-07T23:31:12+00:00
7. 

   Seb Ruiz Account Deactivated

   • changed status to resolved

   • 2015-05-14T06:24:22+00:00
8. Log in to comment