Skip to content


Don't encourage people to store GitHub credentials in a plain text file #14

olivierlacan opened this Issue · 7 comments

6 participants


This is a really cool plugin, I really don't mean to be a dick about this, but please don't encourage people to store things as business sensitive in a plain text settings file.

Could you include more details on how to setup the Keychain integration? I do have a record in my keychain and the plugin apparently can't read it because it still prompts me for credentials.

Isn't there a way to use an API key for Gist creation instead, for instance?


It'd probably be easier for me to debug Keychain integration problems, as I wrote that code.

Can you press Cmd-I on the keychain record and post/send me a screenshot (with password hidden, obviously)?


About API key authentication: unfortunately, API v2 which supports API keys is deprecated and Gist APIs are mostly undocumented. API v3, which this plugin is using, only supports OAuth (so it's impossible to use for anything that isn't a web app).


Does github stopping us somehow on using that approach?


Github API docs explicitly state that desktop apps should use Basic auth for now, probably because they haven't implemented the installed apps authentication sequence yet.


Does not store username/password in plain text:


I’d hate for one of our users to have their account compromised because they stored GitHub credentials in plaintext. This plugin seems to work really well using the Keychain integration, so is it possible to deprecate the plaintext functionality completely?


Thanks to skuroda who made token authorization that can be used instead of Mac OS Keychain on Windows/Linux

@condemil condemil closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.