Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pulp CLI takes only plaintext password #821

Closed
swetha-swaminathan1 opened this issue Nov 6, 2023 · 4 comments · Fixed by #882
Closed

Pulp CLI takes only plaintext password #821

swetha-swaminathan1 opened this issue Nov 6, 2023 · 4 comments · Fixed by #882
Labels
feature request New feature request (template-set)

Comments

@swetha-swaminathan1
Copy link

Summary

Pulp-CLI currently accepts only plain-text password as input to the pulp config create command. This command creates a cli.toml file which contains the plaintext password. This is an issue as there is a requirement for us that the password must not be visible as plain text in the cli.toml file. Please let me know if a fix can be provided for this (by either accepting an encrypted password or something else). Otherwise, I can try to contribute to the pulp-cli repository with some guidance.

Examples

pulp file repository create --name file_repo1 --username USER --enc_password BASE64PASS
(pulp-cli could include this new parameter enc_password which takes base64 encoded password instead of plain text password)
@swetha-swaminathan1 swetha-swaminathan1 added feature request New feature request (template-set) Triage-Needed Needs to be reviewed at next pulp-cli mtg labels Nov 6, 2023
@mdellweg
Copy link
Member

mdellweg commented Nov 6, 2023

We allow certificate based authentication too.
If you don not put the password in the config file, you will be asked for it (every single command...).

As a solution for this, would integrating with https://pypi.org/project/SecretStorage/ help?
(For securing the password, i would prefer to go all the way.)

@swetha-swaminathan1
Copy link
Author

swetha-swaminathan1 commented Nov 7, 2023
edited
Loading

We allow certificate based authentication too. If you don not put the password in the config file, you will be asked for it (every single command...).

As a solution for this, would integrating with https://pypi.org/project/SecretStorage/ help? (For securing the password, i would prefer to go all the way.)

  1. Password would still be required if i use certificate right? Certificate is just for authentication whereas password is required for authorization.
  2. Regarding sercretStorage, do you mean it will be integrated into pulp?

@mdellweg
Copy link
Member

mdellweg commented Nov 7, 2023

I meant ssl client certs. And you'd need to provide a key. If that was password protected after all, i'm not sure this is supported by pulp-cli.
Regarding secret storage: I could see that implemented (actually love to see...). It would use the d-bus secrets interface and by that matter integrate with all common Linux desktop environments.

@ggainey
Copy link
Contributor

ggainey commented Jan 17, 2024
edited
Loading

We had some great discussion around this at the latest cli-mtg It would be a great addition to pulp-cli, if it were taught how to take advantage of SecretStorage (as linked in those minutes!) We absolutely would love a PR that implemented such a thing!

mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Jan 22, 2024
@mdellweg
Retrieve missing password from dbus secret
5330346 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
@mdellweg mdellweg mentioned this issue Jan 22, 2024
Merged
3 tasks
@pulpbot pulpbot moved this to Needs review in RH Pulp Kanban board Jan 22, 2024
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Jan 24, 2024
@mdellweg
Retrieve missing password from dbus secret
82ee6f2 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Jan 25, 2024
@mdellweg
Retrieve missing password from dbus secret
69251d3 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Jan 26, 2024
@mdellweg
Retrieve missing password from dbus secret
545bae1 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Jan 26, 2024
@mdellweg
Retrieve missing password from dbus secret
c875a94 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Jan 26, 2024
@mdellweg
Retrieve missing password from dbus secret
098218f 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Jan 26, 2024
@mdellweg
Retrieve missing password from dbus secret
989d944 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Jan 26, 2024
@mdellweg
Retrieve missing password from dbus secret
b83212d 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Feb 8, 2024
@mdellweg
Retrieve missing password from dbus secret
7d9817f 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Feb 12, 2024
@mdellweg
Retrieve missing password from dbus secret
c2892c5 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Feb 13, 2024
@mdellweg
Retrieve missing password from dbus secret
d4b20e6 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Feb 14, 2024
@mdellweg
Retrieve missing password from dbus secret
c751043 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Feb 15, 2024
@mdellweg
Retrieve missing password from dbus secret
9a9eb60 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Feb 28, 2024
@mdellweg
Retrieve missing password from dbus secret
1ab11ca 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
@ggainey ggainey removed the Triage-Needed Needs to be reviewed at next pulp-cli mtg label Feb 28, 2024
mdellweg added a commit to mdellweg/pulp-cli that referenced this issue Mar 7, 2024
@mdellweg
Retrieve missing password from dbus secret
69c6683 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes pulp#821
mdellweg added a commit that referenced this issue Mar 7, 2024
@mdellweg
Retrieve missing password from dbus secret
7d105fa 
Use the secretservice library to interface with dbus compatible
password managers.

Fixes #821
@pulpbot pulpbot moved this from Needs review to Done in RH Pulp Kanban board Mar 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request New feature request (template-set)
Projects
No open projects
RH Pulp Kanban board
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Retrieve missing password from dbus secret mdellweg/pulp-cli
3 participants
@ggainey @mdellweg @swetha-swaminathan1