Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

README recommends placing secrets in plain text on the command line #7

Open
jdufresne opened this issue Aug 19, 2022 · 0 comments
Open

README recommends placing secrets in plain text on the command line #7

jdufresne opened this issue Aug 19, 2022 · 0 comments

Comments

@jdufresne
Copy link

In the "Config command" section https://github.com/airbrake/airbrake-cli#config-command the following snippet exists:

airbrake config set user-key YOUR_USER_KEY_HERE

This suggests the user put their secret (user-key) on the command line in plain text. This is normally consider a bad practice in security realms as:

  1. Unix commands like ps and top often show command line arguments to other users, thus leaking the secret
  2. The command gets place in the shell history, thus leaking the secret

It would be nice if the secret could be set either:

  1. Through an environment variable
  2. Command stdin/stdout piping
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jdufresne