Problem
Storing a GitHub token in the environment is somewhat risky, no matter how short-lived.
Possible resolution
Perhaps provide a flag that indicates if gh auth login or gh auth login --with-token < some-token-file.txt can be used to help people better secure their GitHub secrets.
Workaround considered:
A secrets manager wrapper that only sets the environment for the course of that run.
I've not found any (yet) that run in git-bash. Even with this workaround, there's a chance that the process could get compromised, exposing the secret, albeit the window of opportunity is much lower.
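A minimal sketch of the wrapper workaround described in the issue, added here as an example and not taken from the issue or the project. It assumes the token is the first line of a file and that the consuming tool reads it from an environment variable; `run_with_token`, `DEMO_TOKEN` and the file path are hypothetical names.

```shell
# Added example, not from the issue. Assumptions: the token is the first line
# of a file, and the consuming tool reads it from an environment variable.
# Hypothetical usage: run_with_token DEMO_TOKEN ./token.txt some-command --flag
run_with_token() {
    if [ "$#" -lt 3 ]; then
        echo "usage: run_with_token VAR_NAME TOKEN_FILE command [args...]" >&2
        return 2
    fi
    var_name=$1
    token_file=$2
    shift 2

    # Reject anything that is not a plain variable name before it reaches export.
    case $var_name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "run_with_token: invalid variable name" >&2
            return 2 ;;
    esac

    if [ ! -r "$token_file" ]; then
        echo "run_with_token: cannot read $token_file" >&2
        return 1
    fi

    # Everything touching the token happens in a subshell, so neither the
    # token nor the exported variable exists in the calling shell afterwards.
    (
        # read is a builtin: the token never appears in a process argument list.
        IFS= read -r token < "$token_file" || true
        # Strip the trailing CR left by files saved with Windows line endings.
        cr=$(printf '\r')
        token=${token%"$cr"}
        [ -n "$token" ] || { echo "run_with_token: empty token" >&2; exit 1; }

        # export is also a builtin; only the exec'd command inherits the value.
        export "$var_name=$token"
        exec "$@"
    )
}
```

While the command runs, the token is still present in that one process's environment, so this shortens the exposure window rather than removing it.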