Support for password input via command line (or generic password input)
redstreet opened this issue · 5 comments
I'm wondering if you'd be open to adding other means for password input than just python-keyring (which I don't and can't use). Here are a few suggestions:
-
--passwordoption so it can be specified on the command line. This sounds insecure at first glance, but this is for use in scripting (eg:--password $(/usr/bin/pass bank/login) -
--password-commandoption that is common in command line environments. Example:
export RCLONE_PASSWORD_COMMAND="pass rclone/config". The username specified by -u would need to be sent as a parameter to this command so it knows what password to return.
Thoughts/opinions?
Thank you for writing and maintaining ofxtools BTW, it's very helpful!
Sure, pass is good stuff.
I think having a password arg will be make for nicer code... let the shell handle its own business; we don't want ofxget opening subprocesses, really.
The main thing is to ensure that passing the write arg doesn't dump the p/w to user config file. Secondary priority is to ignore the p/w in config file if the user puts it there.
That just leaves it in the .bash_history or what have you if the user types it in, and shoulder surfing. Getting down in the weeds of a realistic threat model for an obscure library used exclusively by technofinance weenies. Could put some language in the help reminding the user not to do anything stupid.
Great. I'll send a PR when I have a bit of time later in the month.
Have at it. Should be pretty easy. Just a heads-up: add an empty string default for the new arg to ofxtools.scripts.ofxget.DEFAULTS. Do not under any circumstances add password to ofxtools.scripts.ofxget.configurable_user.
PR #113. Turned out to be trivial because of CONFIGURABLE
-
--writedoes not dump password (it doesn't, since it's not in CONFIGURABLE) - ignore password in config file (ditto)
- add to
ofxtools.scripts.ofxget.DEFAULTS - do not add to
ofxtools.scripts.ofxget.configurable_user
Trivial is how I like it!