I just talked to @mmalecki yesterday and he also liked the idea.
I suggested using some token authorization after first login with credentials, so you'll only have to enter the credentials one time at logon and get a valid token (created from hashed password and some client unique data?). So the real password would be kept private (think of using c9.io for pushing up to nodejitsu) and not stored as plaintext in .jitsuconf.
What do you think about it? How could we realize this?
This sounds like a very good idea. It's a change that's blocked by the exposure of API keys, however.
Once nodejitsu has API keys in-place and working, we should come back to this issue.
[fix] saves auth token instead of password. Fixes #371 and #302
This will go out in the next jitsu release