Creating a CLI: What should I do with the password in the config file (and how)?
Question
I'm writing a CLI with Go and I want to save the password to a config file that is saved in the user's home directory.
Should I encrypt the password on save and decrypt it when sending it to the server the CLI interacts with?
And if so, is there a good built-in library in Go to do so? I want to keep it as simple as possible and without using any additional outside packages. All the answers I saw were quite complex.
Should be something like this:
func Encrypt(password string) string
func Decrypt(password string) string
Any ideas?
Answer 1
Score: 2
Disclaimer: The core lib does not provide this functionality out of the box. There is a third-party lib for Go (from Docker) which can help.
Modern Operating Systems provide tools and APIs to store secrets in a secure way.
- Apple: Keychain
- Linux: Secret Service
- Windows: Credentials Manager API
Git and Docker use these tools to store your credentials.
David Calavera, who contributed Docker credential helpers to Docker Engine v1.11, wrote an article titled "Stop saving credential tokens in text files" in 2016. The article describes the problem and a simple implementation for Linux, and shows how to use the library.
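package main

import (
	"log"

	"github.com/docker/docker-credential-helpers/client"
	"github.com/docker/docker-credential-helpers/credentials"
)

// nativeStore runs the docker-credential-secretservice helper binary,
// which must be installed and on PATH.
var nativeStore = client.NewShellProgramFunc("docker-credential-secretservice")

func main() {
	c := &credentials.Credentials{
		ServerURL: "https://api.github.com",
		Username:  "token",
		Secret:    "my-super-secret-token",
	}
	// Hand the secret to the OS secret store through the helper.
	if err := client.Store(nativeStore, c); err != nil {
		log.Fatal(err)
	}
	// Read the credentials back by server URL.
	storedCreds, err := client.Get(nativeStore, "https://api.github.com")
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("loaded credentials for user %q", storedCreds.Username)
}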
The drawback of Docker credential helpers is that it expects you to install its binaries and needs CGo. I added the Docker solution specifically because it was mentioned in the comments but there are similar libraries:
- 99designs/keyring - Originally was part of AWS vault lib.
- zalando/go-keyring - A pure Go implementation whose goal was to avoid C bindings.
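For a CLI that must stay on the standard library, the helper binary can be driven directly with os/exec, since the helper reads JSON (for `store`) or the server URL (for `get`) on stdin. This is an added example, not code from the answer or from the Docker library; `Creds`, `Helper`, `ExecHelper`, `Store` and `Get` are hypothetical names, and it assumes `docker-credential-secretservice` is installed on PATH.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"os/exec"
)

// All type and function names below are made up for this example.
// Creds mirrors the JSON object the docker-credential-* helpers exchange.
type Creds struct{ ServerURL, Username, Secret string }

// Helper runs one helper action ("store" or "get") with input on stdin.
type Helper func(action string, stdin []byte) ([]byte, error)

// ExecHelper returns a Helper backed by a helper binary found on PATH.
func ExecHelper(binary string) Helper {
	return func(action string, stdin []byte) ([]byte, error) {
		cmd := exec.Command(binary, action)
		cmd.Stdin = bytes.NewReader(stdin)
		out, err := cmd.Output()
		if err != nil { // helpers print the failure reason on stdout
			return nil, fmt.Errorf("%s %s: %w: %s", binary, action, err, bytes.TrimSpace(out))
		}
		return out, nil
	}
}

// Store hands the secret to the OS secret store; nothing goes into the config file.
func Store(h Helper, c Creds) error {
	payload, _ := json.Marshal(c) // a struct of three strings cannot fail to marshal
	_, err := h("store", payload)
	return err
}

// Get looks the credentials up by server URL.
func Get(h Helper, serverURL string) (Creds, error) {
	var c Creds
	out, err := h("get", []byte(serverURL))
	if err == nil {
		err = json.Unmarshal(out, &c)
	}
	return c, err
}

func main() {
	h := ExecHelper("docker-credential-secretservice") // assumed to be installed
	fmt.Println("store:", Store(h, Creds{"https://api.github.com", "token", "my-super-secret-token"}))
}
```

The config file then only needs the server URL and username; the secret is fetched with `Get` at the moment the request is sent.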