Creating a CLI: What should I do with the password in the config file (and how)?

Question

I'm writing a CLI with Go and I want to save the password to a config file that is saved in the user's home directory.

Should I encrypt the password on save and decrypt it when sending it to the server the CLI interacts with?

And if so, is there a good built-in library in Go to do so? I want to keep it as simple as possible and without using any additional outside packages. All the answers I saw were quite complex.

Should be something like this:

func Encrypt(password string) string
func Decrypt(password string) string

Any ideas?

Answer 1

Score: 2

Disclaimer: The core lib does not provide this functionality out of the box. There is a third party lib for Go (from Docker) which can help.

Modern Operating Systems provide tools and APIs to store secrets in a secure way.

  • Apple: Keychain
  • Linux: Secret Service
  • Windows: Credentials Manager API

Git and Docker use these tools to store your credentials.

David Calavera, who contributed Docker credential helpers to Docker Engine v1.11, wrote an article titled "Stop saving credential tokens in text files" in 2016. The article describes the problem and a simple implementation for Linux, and shows how to use the library.

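package main

import (
  "fmt"
  "log"

  "github.com/docker/docker-credential-helpers/client"
  "github.com/docker/docker-credential-helpers/credentials"
)

// nativeStore invokes the docker-credential-secretservice helper binary,
// which talks to the Linux Secret Service.
var nativeStore = client.NewShellProgramFunc("docker-credential-secretservice")

func main() {
  c := &credentials.Credentials{
    ServerURL: "https://api.github.com",
    Username: "token",
    Secret: "my-super-secret-token",
  }

  // Save the credentials in the OS secret store.
  if err := client.Store(nativeStore, c); err != nil {
    log.Fatal(err)
  }

  // Read them back, keyed by server URL.
  storedCreds, err := client.Get(nativeStore, "https://api.github.com")
  if err != nil {
    log.Fatal(err)
  }
  fmt.Println("stored username:", storedCreds.Username)
}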

The drawback of Docker credential helpers is that it expects you to install its binaries and needs CGo. I added the Docker solution specifically because it was mentioned in the comments but there are similar libraries:
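
Added example, not part of the original answer or of the Docker library: the same store/get exchange using only the Go standard library, by invoking a credential helper binary directly. It assumes the helper protocol in which the action is the only command-line argument and the payload travels on stdin; `Runner` and `ExecRunner` are names introduced here, and the helper is assumed to be installed on PATH.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"os/exec"
)

// Credentials is the JSON object helpers read on "store" and print on "get".
type Credentials struct{ ServerURL, Username, Secret string }

// Runner performs one helper action with the given stdin and returns stdout.
type Runner func(action string, stdin []byte) ([]byte, error)

// ExecRunner runs a helper binary found on PATH (assumed to be installed).
func ExecRunner(helper string) Runner {
	return func(action string, stdin []byte) ([]byte, error) {
		cmd := exec.Command(helper, action) // only the action appears in argv
		cmd.Stdin = bytes.NewReader(stdin)  // the secret travels on stdin
		out, err := cmd.Output()
		if err != nil {
			err = fmt.Errorf("%s %s: %w (%s)", helper, action, err, bytes.TrimSpace(out))
		}
		return out, err
	}
}

func Store(run Runner, c Credentials) error {
	payload, err := json.Marshal(c)
	if err == nil {
		_, err = run("store", payload) // JSON document on stdin
	}
	return err
}

func Get(run Runner, serverURL string) (c Credentials, err error) {
	out, err := run("get", []byte(serverURL)) // URL on stdin, JSON on stdout
	if err == nil {
		err = json.Unmarshal(out, &c)
	}
	return c, err
}

func main() {
	run := ExecRunner("docker-credential-secretservice") // helper named in the answer
	err := Store(run, Credentials{"https://api.github.com", "token", "my-super-secret-token"})
	c, getErr := Get(run, "https://api.github.com")
	fmt.Println(err, getErr, c.Username, len(c.Secret)) // never log the secret itself
}
```

Because the secret is written to the helper's stdin rather than passed as an argument, it does not show up in process listings, and the config file in the home directory only needs to hold the server URL.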

Posted on October 17, 2015 at 14:43:52