
Comments (12)

valentijnscholten commented on August 21, 2024 2

Private keys are usually protected by a password which is asked for only once on startup and then cached in memory :)

from jira-cli.

iinuwa commented on August 21, 2024 2

I don't know if Jira Server has this option, but Jira Cloud has an option to create an API token that is separate from your password. It still gives you access to all the API features that your user has access to, but it's scoped to Jira rather than all of the apps that your domain/organization credentials provide access to.

from jira-cli.

watsoncj commented on August 21, 2024

Consider something like keytar for cross-platform keychain access.

from jira-cli.

miguelmich commented on August 21, 2024

Great idea @watsoncj, I'll use it definitively!

from jira-cli.

decibyte commented on August 21, 2024

This is definitely a show stopper for me. Let me know if there is anything I can do to help (that doesn't involve coding).

from jira-cli.

miguelmich commented on August 21, 2024

I'll be working on the implementation of this fix today; hopefully there will be a new release with this hotfix today :)

from jira-cli.

miguelmich commented on August 21, 2024

@watsoncj I was working on this but then I realized that users on Linux will have to install an additional lib in order to use the CLI. I'll do some research to see if we can find a 100% node cross-platform solution.

PS: I don't know what you guys think about this?

from jira-cli.

valentijnscholten commented on August 21, 2024

An alternative could be to use OAuth, but that's more complicated and requires cooperation from the JIRA Admins. What about only having the password in memory? So don't store it, but ask for it once on startup or on the first command executed?

from jira-cli.

miguelmich commented on August 21, 2024

@valentijnscholten I like that idea, and I will explore it more. What I'm thinking is that since this config file is stored in the user home directory, where the ssh keys are also stored, one would think this is a safe place. I mean, if an attacker manages to reach your home directory you have more serious problems. But I agree that having the JIRA password stored without any obfuscation at least is concerning even for me (I don't even like seeing my passwords without the *** characters lol). On the other hand, I also think that if you're not on your machine you wouldn't want to have that data stored locally, so your solution makes total sense to me.

I'll take a look at how to store recurring data in memory and if anyone else has any other better idea you're welcome to participate :)

from jira-cli.

xdhmoore commented on August 21, 2024

If an attacker reaches your home directory, you have serious problems, but if your home directory contains an SSO password that gets them admin access to all of the production applications you manage, you have even more serious problems.

from jira-cli.

valentijnscholten commented on August 21, 2024

API tokens were just introduced in Jira Server 8.14, but they do not work with basic authentication. They need to be sent as a bearer token.

from jira-cli.

iinuwa commented on August 21, 2024

Oh, OK. My API token for Jira Cloud is working without modification to jira-cli. @valentijnscholten, are you saying that Jira Server API tokens are not working with jira-cli?

from jira-cli.
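
The two ideas discussed in this thread (ask for the secret once and keep it only in memory; send a token as Basic or Bearer depending on the server) can be combined as in the sketch below. This is an added example, not code from jira-cli: `authHeader`, `createSession`, `scrubConfig`, the `SECRET_KEYS` names and the config shape are all hypothetical, and `askSecret` is a synchronous stand-in for a hidden terminal prompt.

```javascript
// Added example: hypothetical helpers, not part of jira-cli.
// Config keys assumed to hold secrets; they must never reach the disk.
const SECRET_KEYS = ['password', 'token', 'secret'];

// Build the Authorization header for the two schemes mentioned in the thread.
function authHeader(scheme, user, secret) {
  if (!secret) throw new Error('no secret supplied');
  if (scheme === 'basic') {
    // Password or API token sent as base64("user:secret").
    if (!user) throw new Error('basic auth needs a user name');
    return 'Basic ' + Buffer.from(`${user}:${secret}`, 'utf8').toString('base64');
  }
  if (scheme === 'bearer') {
    // Token sent as-is (per the thread, required for Jira Server 8.14 tokens).
    return 'Bearer ' + secret;
  }
  throw new Error(`unknown auth scheme: ${scheme}`);
}

// Keep the secret in a closure for the lifetime of the process only.
function createSession({ url, user, scheme }, askSecret) {
  let cached = null; // lives in memory, never serialized
  return {
    url, user, scheme,
    headers() {
      if (cached === null) cached = askSecret(); // asked once, then reused
      return { Authorization: authHeader(scheme, user, cached), Accept: 'application/json' };
    },
    // JSON.stringify(session) uses this, so the secret cannot leak into a saved config.
    toJSON() { return { url, user, scheme }; },
  };
}

// Drop secret fields from a legacy config object before it is written again.
function scrubConfig(config) {
  const clean = {};
  for (const [key, value] of Object.entries(config)) {
    if (SECRET_KEYS.includes(key.toLowerCase())) continue;
    clean[key] = (value && typeof value === 'object' && !Array.isArray(value))
      ? scrubConfig(value) : value;
  }
  return clean;
}
```

The secret still sits in process memory while the CLI runs, so this removes the plaintext file, not the need to trust the local machine.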
