Wouldn't it be cool to use ssh public key authentication instead of the password?
We're looking at a couple of options for better security. I think our model will look a bit like GitHub - you use SSH keys for Git and SSH access, but you use API tokens for the API endpoint. Getting cert auth to work right on a wide range of clients is difficult in practice, and API tokens have the nice benefit of being able to be expired at arbitrary intervals, whereas it might be confusing to try and expire an SSH key on the server side.
Either way, something we're actively working on improving.
thank you for the answer, @smarterclayton I'm looking forward to using it.
I'll update this issue when the feature starts to settle out.
+1 on this feature. I want to run automated backups on a regular basis using this tool, and it stinks to be storing the password somewhere in clear text.
+1 I am all for this, I hate having to type in my password every time I want to run a command. I think that cacheing an API token is a great idea.
Access tokens are now implemented - let us know how you think it's going