Allow access to secure configuration or API keys in Chocolatey package scripts #346
Open
2 tasks done
Labels
Enhancement
Enhancements are things that are improvements or features.
Comments
pauby
added
the
Enhancement
2 tasks
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Checklist
Is Your Feature Request Related To A Problem? Please describe.
This is taken from chocolatey/choco#3101
To get access to a repository that needs credentials, the Chocolatey package scripts may need access to encrypted values. In the case of chocolatey/choco#3101, this is API keys, but I can see this being useful for encrypted config values too.
Describe The Solution. Why is it needed?
Allows access to encrypted values in the Chocolatey package scripts.,
Additional Context
On the surface this seems like a good idea, however there are many things security-wise to consider. For example you could create a package that simply dumps on the API keys to the screen which isn't going to be good. So maybe you add a field that allows the key to be used in a package script, or you just use encrypted values etc.
Thought needs to be put in here, and it could end up that we can't do this.
Related Issues
The text was updated successfully, but these errors were encountered: