Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for password input via command line (or generic password input) #110

Closed
redstreet opened this issue Dec 14, 2020 · 5 comments
Closed

Support for password input via command line (or generic password input) #110

redstreet opened this issue Dec 14, 2020 · 5 comments

Comments

@redstreet
Copy link
Contributor

redstreet commented Dec 14, 2020
edited
Loading

I'm wondering if you'd be open to adding other means for password input than just python-keyring (which I don't and can't use). Here are a few suggestions:

  • --password option so it can be specified on the command line. This sounds insecure at first glance, but this is for use in scripting (eg: --password $(/usr/bin/pass bank/login)

  • --password-command option that is common in command line environments. Example:
    export RCLONE_PASSWORD_COMMAND="pass rclone/config". The username specified by -u would need to be sent as a parameter to this command so it knows what password to return.

Thoughts/opinions?

Thank you for writing and maintaining ofxtools BTW, it's very helpful!
@csingley
Copy link
Owner

Sure, pass is good stuff.

I think having a password arg will be make for nicer code... let the shell handle its own business; we don't want ofxget opening subprocesses, really.

The main thing is to ensure that passing the write arg doesn't dump the p/w to user config file. Secondary priority is to ignore the p/w in config file if the user puts it there.

That just leaves it in the .bash_history or what have you if the user types it in, and shoulder surfing. Getting down in the weeds of a realistic threat model for an obscure library used exclusively by technofinance weenies. Could put some language in the help reminding the user not to do anything stupid.

@redstreet
Copy link
Contributor Author

Great. I'll send a PR when I have a bit of time later in the month.

@csingley
Copy link
Owner

Have at it. Should be pretty easy. Just a heads-up: add an empty string default for the new arg to ofxtools.scripts.ofxget.DEFAULTS. Do not under any circumstances add password to ofxtools.scripts.ofxget.configurable_user.

@redstreet redstreet mentioned this issue Jan 15, 2021
Merged
@redstreet
Copy link
Contributor Author

redstreet commented Jan 15, 2021
edited
Loading

PR #113. Turned out to be trivial because of CONFIGURABLE

  • --write does not dump password (it doesn't, since it's not in CONFIGURABLE)
  • ignore password in config file (ditto)
  • add to ofxtools.scripts.ofxget.DEFAULTS
  • do not add to ofxtools.scripts.ofxget.configurable_user

@csingley
Copy link
Owner

Trivial is how I like it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@csingley @redstreet