Add security note about passing credentials as args

This commit is contained in:
Midgard 2021-09-27 00:36:34 +02:00
parent c346053ebb
commit 3fd26f6e03
Signed by: midgard
GPG key ID: 511C112F1331BBB4

View file

@ -451,15 +451,20 @@ Hint: JSON output can be filtered with jq(1).
subparsers = argparser.add_subparsers(title="actions", dest="action", required=True) subparsers = argparser.add_subparsers(title="actions", dest="action", required=True)
parser_login = subparsers.add_parser("login", help="retrieve an access token") password_argument_warning = f"""
Security note: Other programs and users can typically read which arguments you give to any program. Therefore it strongly advised to use the environment variable (envvar) method when passing the credentials to the program. In many shells you can do so like this:
{ENVVAR_USERNAME}='aiden' {ENVVAR_PASSWORD}='2FifeVg2UGbCETYdaWscf7hmDvUHbp' {prog_name} login
""".strip()
parser_login = subparsers.add_parser(
"login", help="retrieve an access token", epilog=password_argument_warning, formatter_class=argparse.RawTextHelpFormatter)
parser_login.add_argument( parser_login.add_argument(
"login_id", "login_id",
help=f"username or email; envvar: {ENVVAR_USERNAME}", help=f"username or email; envvar: {ENVVAR_USERNAME}",
default=os.getenv(ENVVAR_USERNAME)) default=os.getenv(ENVVAR_USERNAME))
parser_login.add_argument( parser_login.add_argument(
"--password", help=f"envvar: {ENVVAR_PASSWORD}", default=os.getenv(ENVVAR_PASSWORD)) "--password", help=f"see security note below; envvar: {ENVVAR_PASSWORD}", default=os.getenv(ENVVAR_PASSWORD))
parser_login.add_argument( parser_login.add_argument(
"--totp", help=f"envvar: {ENVVAR_TOTP}", default=os.getenv(ENVVAR_TOTP)) "--totp", help=f"see security note below; envvar: {ENVVAR_TOTP}", default=os.getenv(ENVVAR_TOTP))
# TODO support multiple channels # TODO support multiple channels
# parser_cat = subparsers.add_parser("cat", help="list messages in channel(s)") # parser_cat = subparsers.add_parser("cat", help="list messages in channel(s)")