github(login): Add a way to read ~/.netrc.gpg encrypted files #624
Conversation
|
Hello, there. Sorry for the long delay.
|
lib/travis/tools/github.rb
Outdated
| @@ -278,11 +278,22 @@ def security(type, key, arg, name) | |||
| end | |||
|
|
|||
| def file(path, default = nil) | |||
| path &&= File.expand_path(path) | |||
| gpg_path = File.expand_path("#{path}.gpg") | |||
There was a problem hiding this comment.
This implementation checks for gpg-encrypted files on all #file calls, which is far more than just the credentials. I don't know if that is a good idea.
There was a problem hiding this comment.
Indeed, thanks for reviewing (and sorry for the delay!). I've changed the code to avoid this.
I usually don't store authentication information in plain text in my home directory. Instead most of my secrets are stored in *.gpg files which can be read by relevant applications if my GPG key has been unlocked in my X session. The current implementation of travis.rb only reads ~/.netrc for `--auto` logins. It would be nice for the cli to also be able to read `~/.netrc.gpg` file. This PR adds a system (`Open3.capture3`) call to the `gpg` binary because users using `*.gpg` files would probably always have the binary available in their path. Thanks!
Good point, I've implement a system call to |
Context
I usually don't store authentication information in plain text in my home directory. Instead most of my secrets are stored in *.gpg files which can be read by relevant applications if my GPG key has been unlocked in my X session.
The current implementation of travis.rb only reads ~/.netrc for
--autologins. It would be nice for the cli to also be able to read~/.netrc.gpgfile.PR Content
This PR adds the gpgme gem as a dependency to be able to read *.gpg files if needs be.
Doubts
I am not sure requiring the
gpgmegem in the gemspec is a good idea as it really depends on wether you have *.gpg files to read or not. Do you have a better idea on how we could do that?Thanks!