calcurse-caldav: Support PasswordCommand option
This commit adds a new `Auth/PasswordCommand` option
to support security best practices re: handling secrets
in CLI program configuration.
Prior to this commit, the two available options
for specifying a password were:
1. via the `Auth/Password` config parameter, or
2. via a `$CALCURSE_CALDAV_PASSWORD` environment variable.
The former is unsafe for obvious reasons;
the latter is unsafe because as long as the script is running,
its environment can be accessed via
$ cat /proc/<pid>/environ
and is thus visible to anyone with access to the system.
This commit preserves preexisting behavior (for backward compatibility)
but removes all mention of option 2 from the README.
Since the README example for option 2 used a password command anyway,
there is little reason to continue its use,
and this commit recommends it be deprecated.
Signed-off-by: Lukas Fleischer <lfleischer@calcurse.org>
This commit is contained in:
Ryan Lue
committed by
Lukas Fleischer
Lukas Fleischer
parent
4cd300f2c4
commit
e772c4b6d5
@@ -48,11 +48,13 @@ DryRun = Yes
|
||||
# Enable this if you want detailed logs written to stdout.
|
||||
Verbose = Yes
|
||||
|
||||
# Credentials for HTTP Basic Authentication. Leave this commented out if you do
|
||||
# not want to use authentication.
|
||||
# Credentials for HTTP Basic Authentication (if required).
|
||||
# Set `Password` to your password in plaintext (unsafe),
|
||||
# or `PasswordCommand` to a shell command that retrieves it (recommended).
|
||||
#[Auth]
|
||||
#Username = user
|
||||
#Password = pass
|
||||
#Password = password
|
||||
#PasswordCommand = pass baikal
|
||||
|
||||
# Optionally specify additional HTTP headers here.
|
||||
#[CustomHeaders]
|
||||
|
||||
Reference in New Issue
Block a user