midgard/mmcli
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Add security note about passing credentials as args

Browse source
This commit is contained in:
Midgard 2021-09-27 00:36:34 +02:00
parent c346053ebb
commit 3fd26f6e03
Signed by: midgard
GPG key ID: 511C112F1331BBB4
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
mmcli.py
View file

@ -451,15 +451,20 @@ Hint: JSON output can be filtered with jq(1).
subparsers = argparser.add_subparsers(title="actions", dest="action", required=True)
parser_login = subparsers.add_parser("login", help="retrieve an access token")
password_argument_warning = f"""
Security note: Other programs and users can typically read which arguments you give to any program. Therefore it strongly advised to use the environment variable (envvar) method when passing the credentials to the program. In many shells you can do so like this:
{ENVVAR_USERNAME}='aiden' {ENVVAR_PASSWORD}='2FifeVg2UGbCETYdaWscf7hmDvUHbp' {prog_name} login
""".strip()
parser_login = subparsers.add_parser(
"login", help="retrieve an access token", epilog=password_argument_warning, formatter_class=argparse.RawTextHelpFormatter)
parser_login.add_argument(
"login_id",
help=f"username or email; envvar: {ENVVAR_USERNAME}",
default=os.getenv(ENVVAR_USERNAME))
parser_login.add_argument(
"--password", help=f"envvar: {ENVVAR_PASSWORD}", default=os.getenv(ENVVAR_PASSWORD))
"--password", help=f"see security note below; envvar: {ENVVAR_PASSWORD}", default=os.getenv(ENVVAR_PASSWORD))
parser_login.add_argument(
"--totp", help=f"envvar: {ENVVAR_TOTP}", default=os.getenv(ENVVAR_TOTP))
"--totp", help=f"see security note below; envvar: {ENVVAR_TOTP}", default=os.getenv(ENVVAR_TOTP))
# TODO support multiple channels
# parser_cat = subparsers.add_parser("cat", help="list messages in channel(s)")