#247 new
aaron.meier

Re-write command line tools to support auth w/o properties file.

Reported by aaron.meier | March 23rd, 2011 @ 08:41 AM

Hello,

Tools like RD-Jobs currently use a clear-text password stored on the local file system to authenticate the user. We have written a python script that uses an encrypted storage space to decrypt and send to the API via https.

If you could write the command line tools to use the new API in 1.2, and provide another optional means of getting the password (like from stdin, or a script to execute), then I believe that will satisfy the security requirements of most companies.

Another, less important feature, would be to implement a Console.readPassword() call with a java command line tool, since it uses "secure" memory to store the char[] array.

I'm sure you have better ideas than I do, but the general idea is secure password storage and using the 1.2 API.

Thanks,

Aaron Meier, RightNow Technologies

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

(DEPRECATED) Please use github issues for issue tracking at http://github.com/dtolabs/rundeck/issues

Shared Ticket Bins

Referenced by

Pages