On credential storage

[pierre-emmanuelJ]

Issue by Fnux
Friday Sep 21, 2018 at 06:48 GMT
Originally opened as exoscale/egoscale#330

---

Hello,

The exo command line utility seems very convenient, but the way it stores credentials bothers me: it doesn't make sense to use 2FA to authenticate against portal.exoscale.com while a plaintext file containing API credentials working for any services sits on my disk. Is there a way - or is it planned - to sources these credentials from an external command ? I'd like to source the secret from my password store.

Thank you!

[pierre-emmanuelJ]

Comment by greut
Friday Sep 21, 2018 at 07:44 GMT

---

@Fnux do you have any tools in mind that does it correctly?

(note for myself) https://github.com/zalando/go-keyring

[pierre-emmanuelJ]

Comment by Fnux
Friday Sep 21, 2018 at 11:49 GMT

---

In order to easily interface with any setup, I believe the easiest way would be to read the output of an external command (by adding a secreteval field to the exoscale.toml configuration file):

defaultaccount = "example"

[[accounts]]
  account = "example"
  computeEndpoint = "https://api.exoscale.ch/compute"
  defaultTemplate = ""
  defaultZone = "ch-gva-2"
  dnsEndpoint = "https://api.exoscale.ch/dns"
  key = "example-key"
  name = "inilab"
  # Using https://www.passwordstore.org/
  secreteval =  "pass show exoscale/example-secret | head -n 1"

[pierre-emmanuelJ]

Comment by greut
Friday Sep 21, 2018 at 12:06 GMT

---

@Fnux it sounds simple enough, love it. eval is evil 😉