Don't encourage people to store GitHub credentials in a plain text file #14

Closed
olivierlacan opened this Issue · 7 comments

6 participants

@olivierlacan

This is a really cool plugin, I really don't mean to be a dick about this, but please don't encourage people to store things as business sensitive in a plain text settings file.

Could you include more details on how to set up the Keychain integration? I do have a github.com record in my keychain and the plugin apparently can't read it because it still prompts me for credentials.

Isn't there a way to use an API key for Gist creation instead, for instance?

@technocoreai

It'd probably be easier for me to debug Keychain integration problems, as I wrote that code.

Can you press Cmd-I on the keychain record and post/send me a screenshot (with password hidden, obviously)?

@technocoreai

About API key authentication: unfortunately, API v2 which supports API keys is deprecated and Gist APIs are mostly undocumented. API v3, which this plugin is using, only supports OAuth (so it's impossible to use for anything that isn't a web app).

@yevgenko

http://code.google.com/apis/accounts/docs/OAuth2InstalledApp.html

Is GitHub somehow stopping us from using that approach?

@technocoreai

GitHub API docs explicitly state that desktop apps should use Basic auth for now, probably because they haven't implemented the installed apps authentication sequence yet.

@brkattk

Does not store username/password in plain text: https://github.com/bgreenlee/sublime-github

@cobyism

I’d hate for one of our users to have their account compromised because they stored GitHub credentials in plaintext. This plugin seems to work really well using the Keychain integration, so is it possible to deprecate the plaintext functionality completely?

@condemil
Owner

Thanks to skuroda, who made token authorization that can be used instead of Mac OS Keychain on Windows/Linux.

@condemil condemil closed this