You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are various ways to specify alternative sources for repository credentials — including profiles (quite verbose if all you want to do is pull creds from the environment instead of from :gpg) and unquote (yuck). A passing comment by @technomancy suggested a third way that might be a sweet spot.
In short, allow repository credentials to be specified like so:
Any values acceptable as a value for :username, :passphrase, and :password (:env, :gpg, :env/*, and strings) could be used in a vector instead.
Vector values in repository maps could contain N values to control credential lookup; the first one that yields a non-nil value is accepted as the replacement for the vector. In the example above, :username will have the value of (System/getenv "REPO1_USERNAME"), or the value of :username from the gpg credentials file if the environment var isn't defined. :passphrase will look for the LEIN_PASSPHRASE env var, and then fall back to gpg.
Open question: should :env continue to be allowed as a value? The convention of using it to look up an env var of (str "LEIN_" map-key) seems contrived compared to using namespaced keywords to control what env var should be used (and the latter allows more than one pair of credentials to be resolved from the environment).
The text was updated successfully, but these errors were encountered:
cemerick
added a commit
to cemerick/leiningen
that referenced
this issue
Sep 5, 2012
The referenced commit implements these changes. It:
retains support for :env
requires that :gpg be specified for each slot that should be looked up; so, repository maps like this won't work anymore:
{:url ... :creds:gpg}
Each slot that should be loaded from the gpg store needs to be listed explicitly, e.g.:
{:url ... :username:gpg:passphrase:gpg}
The behaviour of merging repository maps with gpg store matches based on :gpg being a value in any slot always struck me as odd.
Looking for feedback on both points, and the objectives of this issue in general. If this patch (or some variant) is acceptable, then I'll add/update documentation before pushing.
* namespaced keywords to control lookup of credentials in env vars
* using a vector to define a number of credential sources to be checked in series
(technomancygh-768)
cemerick
added a commit
to cemerick/leiningen
that referenced
this issue
Oct 5, 2012
I added the 2.0.0 milestone to this just in case that's being used to track changes/features/etc.
As discussed in irc, this includes a warning message if :gpg is found outside of a :creds entry in a repository map:
Warning: if you want to load all credentials for a repository from
~/.lein/credentials.clj.gpg, add :creds :gpg in the repository map.
This message should presumably be removed prior to 2.0.0 final; there's a TODO comment next to it in the source (I don't think we're creating issues to remind of such things?).
There are various ways to specify alternative sources for repository credentials — including profiles (quite verbose if all you want to do is pull creds from the environment instead of from
:gpg
) and unquote (yuck). A passing comment by @technomancy suggested a third way that might be a sweet spot.In short, allow repository credentials to be specified like so:
Any values acceptable as a value for
:username
,:passphrase
, and:password
(:env
,:gpg
,:env/*
, and strings) could be used in a vector instead.Vector values in repository maps could contain N values to control credential lookup; the first one that yields a non-nil value is accepted as the replacement for the vector. In the example above,
:username
will have the value of(System/getenv "REPO1_USERNAME")
, or the value of:username
from the gpg credentials file if the environment var isn't defined.:passphrase
will look for theLEIN_PASSPHRASE
env var, and then fall back to gpg.Open question: should
:env
continue to be allowed as a value? The convention of using it to look up an env var of(str "LEIN_" map-key)
seems contrived compared to using namespaced keywords to control what env var should be used (and the latter allows more than one pair of credentials to be resolved from the environment).The text was updated successfully, but these errors were encountered: