Do not save credentials in plaintext (at least, not as the default persistence mode) #415

mfisher87 · 2023-12-18T15:34:51Z

Earthdata documentation may recommend using .netrc files to store credentials, but those files are still plaintext files. They do provide security advantages by mapping credentials to hostnames, but that doesn't negate the security concern of exposing the credentials.

Storing credentials in plaintext is especially problematic when we're training users (who are not security experts) to work on untrusted/shared machines/filesystems in the cloud and on JupyterHubs.

IMO, we should default to persisting only tokens!

mfisher87 added the enhancement New feature or request label Dec 18, 2023

github-project-automation bot added this to earthaccess project Dec 18, 2023

github-project-automation bot moved this to 🆕 New in earthaccess project Dec 18, 2023

mfisher87 changed the title ~~Do not save credentials in plaintext~~ Do not save credentials in plaintext (at least, not by default) Dec 18, 2023

mfisher87 changed the title ~~Do not save credentials in plaintext (at least, not by default)~~ Do not save credentials in plaintext (at least, not as the default persistence mode) Dec 18, 2023

mfisher87 mentioned this issue Mar 5, 2024

New auth strategy: token-only #484

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Do not save credentials in plaintext (at least, not as the default persistence mode) #415

Do not save credentials in plaintext (at least, not as the default persistence mode) #415

mfisher87 commented Dec 18, 2023 •

edited

Loading

Do not save credentials in plaintext (at least, not as the default persistence mode) #415

Do not save credentials in plaintext (at least, not as the default persistence mode) #415

Comments

mfisher87 commented Dec 18, 2023 • edited Loading

mfisher87 commented Dec 18, 2023 •

edited

Loading