#122
This pull request removes credentials from `~/.keyconjurerrc` in favor of storing them in the operating system keychain. Flat files are not a secure place to place credentials. If we end up switching to supporting OIDC from SAML, we will be dealing with refresh tokens, and those should definitely be stored in a more secure location.

The current risk presented by `~/.keyconjurerrc` is mitigated by the fact that our session tokens can only last 1 hour due to our use of the `okta.web.sso` scope.

Needs testing on Linux, WSL and Windows: Mac had its own quirks and I am sure WSL will too.