uncache password after upload post

[Curycu]

after wiki post, Sys.getenv("CONFLUENCE_PASSWORD") shows password as plain text : so uncache password after post upload

[CLAassistant]

All committers have signed the CLA.

[yutannihilation]

Sys.getenv("CONFLUENCE_PASSWORD") shows password as plain text

Could you explain when this can be an actual problem?

[Curycu]

with pop up box writing : user id, pw
and then I was surprised by plain text cached my wiki password is displayed with Sys.getenv() command. I think other people also be surprised too. so add this line.

[yutannihilation]

I know using an environmental variable is not a super cool idea, but it's a common practice to use it to store a secret because it's a (relatively) safe place; no one can look into your environment except when they has root privilege.

c.f. https://cran.r-project.org/web/packages/httr/vignettes/secrets.html

I cannot accept this PR because this would make conflr inconvenient just for protecting you from being surprised, not from real threats. Sorry.

That said, I understand you might be surprised. I'll consider adding some notice and an option not to cache this... Anyway, thanks for letting us know the issue!

[yutannihilation]

@Curycu
conflr now has an option not to cache the password and username as envvars. Could you confirm adding the below into your ~/.Rprofile works when you have time?

options(conflr_dont_cache_envvar = TRUE)

[Curycu]

@yutannihilation
post upload conflr asks id & pw 3 times
when I try to fix this I also had same issue. my final choice was "cache as usual and delete".

[yutannihilation]

Ah, I see. Thanks, for the notice, I'll reopen the issue...

[yutannihilation]

@Curycu I ended up employing your approach with an option (#48). I still doesn't feel this is the best way to do, but I haven't come up with some nicer idea than yours. Anyway, thanks for your contribution :)