Alternative to storing credentials in clear-text

[grzn]

Saving the Salesforce password in clear text should be avoided.

[ori-moisis]

Thanks Guy for the feedback!

Better handling for credentials is definitely on our roadmap.
One direction we are exploring is supporting storing credentials at different secret stores (e.g. remote/shared, or local like OSX keychain, Windows Credential Manager etc.), but we don’t have any plans finalized yet (will update on this ticket once we do).

What kind of a solution do you imagine?

[grzn]

Keychain and alike sound good, in the meantime perhaps an option to type in the password on every fetch?

…

On Wed, May 06, 2020 at 2:09 PM, ori-moisis < ***@***.*** > wrote: Thanks Guy for the feedback! Better handling for credentials is definitely on our roadmap. One direction we are exploring is supporting storing credentials at different secret stores (e.g. remote/shared, or local like OSX keychain, Windows Credential Manager etc.), but we don’t have any plans finalized yet (will update on this ticket once we do). What kind of a solution do you imagine? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub ( #996 (comment) ) , or unsubscribe ( https://github.com/notifications/unsubscribe-auth/AABKYFVNS6F2CK53JONE2J3RQFAM7ANCNFSM4M2IAICQ ).

[tomermevorach]

Hi Guy,
Thanks for this improvement suggestion, it sounds right and we will think about it and try to address this need

[kevin1ftp]

Hi @ori-moisis and @tomermevorach - I wanted to check to see if any solutions for this have been implemented. Thanks!

[ori-moisis]

Is most adapters we support authentication through OAuth now where the tokens stored are not as sensitive as a password which somewhat mitigated this issue (this is obviously not a full solution, just not as bad as storing a password).

we have not implemented alternative credential storages in the CLI yet.

[kevin1ftp]

Okay, good to know. Thank you for the quick response!

…

On Wed, May 31, 2023 at 11:23 AM ori-moisis ***@***.***> wrote: Is most adapters we support authentication through OAuth where the tokens stored are not as sensitive as a password which somewhat mitigated this issue (this is obviously not a full solution, just not as bad as storing a password). we have not implemented alternative credential storages in the CLI yet. — Reply to this email directly, view it on GitHub <#996 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BAGLW2JIQMA7KL2F5M4HLL3XI5O63ANCNFSM4M2IAICQ> . You are receiving this because you commented.Message ID: ***@***.***>

-- <https://hubs.ly/H0GKX6_0> Kevin Grondin [he, him, his] Senior Data Architect office +1-802-861-0460 HQ 50 Lakeside Ave., #341, Burlington, VT 05401 *location: *Massachusetts | time zone ET <https://hubs.ly/H0GKWQh0> <https://hubs.ly/H0GKWL10> <https://hubs.ly/H0GKWvF0> <https://hubs.ly/H0GKWMd0> [image: https://meetings.hubspot.com/kevin-grondin] <https://meetings.hubspot.com/kevin-grondin>