
How to Store Sensitive Information for a Command Line Tool?

Let's say you build a client that sits on top of an API that requires an access token. Users of the client can plug in their access token, and life is great.

Let's say you want to build a simple command line tool that executes commands that use this client. And let's say you want to make this tool externally accessible via some package management system (e.g. npm, PyPI, etc.).

Is there a way to do this without exposing the access token that the command line tool would be using?

Obviously, you could have every user of this command line tool input their own access token vs. using the application's access token.

If you prefer to restrict who can download your tool and leave the application access token in, you could use Artifactory or a similar product to set up a private repository. The downside (besides not being able to do anything about unauthorized redistribution) is that your users will need to add their authentication details to their .npmrc or similar in order to connect to the private repo, so you're really just putting the problem at one remove. And if you're going through npm you'll need to scope your package names or make users juggle multiple registries.

Your tool could also read a config file on startup and get the user access token from that, like how you would read connection information for a local database. The configuration file isn't distributed, or is shipped as a sample with the intention for the end user to edit their details in before use.
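The config-file approach from the answer above, as an added example that is not part of the original post: the tool ships only a sample file with a placeholder, and at startup it loads the user's own token, refusing a file that other local users can access. The file location `~/.mytool.json`, the `access_token` key, the `MYTOOL_TOKEN` variable and the function names are all assumptions made for illustration.

```python
import json
import os
import stat
from pathlib import Path

ENV_VAR = "MYTOOL_TOKEN"                 # hypothetical override variable
PLACEHOLDER = "REPLACE_WITH_YOUR_TOKEN"  # value shipped in the sample file


class TokenError(Exception):
    """The user's token is missing, unedited, or stored unsafely."""


def write_sample(config_path):
    """Create the sample config, owner read/write only, never overwriting."""
    fd = os.open(config_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump({"access_token": PLACEHOLDER}, fh)


def load_token(config_path, environ=os.environ):
    """Return the user's token: environment variable first, then config file."""
    if environ.get(ENV_VAR):
        return environ[ENV_VAR]
    path = Path(config_path)
    try:
        mode = path.stat().st_mode
    except FileNotFoundError:
        raise TokenError(f"{path} not found; create it from the sample") from None
    # POSIX only: refuse a token file that group or other users can access.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise TokenError(f"{path} is accessible to other users; chmod 600 it")
    try:
        token = json.loads(path.read_text()).get("access_token")
    except (ValueError, AttributeError):
        raise TokenError(f"{path} is not a JSON object") from None
    if not token or token == PLACEHOLDER:
        raise TokenError(f"access_token in {path} has not been filled in")
    return token


if __name__ == "__main__":
    cfg = Path.home() / ".mytool.json"   # hypothetical location
    try:
        print("token loaded, length", len(load_token(cfg)))
    except TokenError as err:
        raise SystemExit(f"error: {err}")
```

The published package contains no token at all; each user's token lives only in their own home directory or environment.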
