Make translation scripts safer #6918
Comments
Try to avoid providing the secret data directly in the console. You shouldn't write any password or token in the CLI because it will be stored in your bash history. In the release tool, in order to create a release on GitHub, we require a GitHub Token. In the first version of the script, the token was passed directly from the console. In the second version, I used a package which allows providing the secret data without saving it in history. This function will be helpful - https://github.com/ckeditor/ckeditor5-dev/blob/master/packages/ckeditor5-dev-env/lib/release-tools/utils/cli.js#L79-L91.
Thanks @pomek.
Does it apply to the console prompts as well?
With
Nope.
Sounds good.
Hopefully a better authentication solution can be found, like a certificate. Having to provide a password is problematic and it doesn't allow for easy automation of such scripts. If we would have a cron task that daily updates language files, we would have to store the password as plaintext somewhere and this is not good.
From what @ma2ciek said there's no other method :(
Actually that has changed a few weeks ago (https://fr.transifex.com/blog/2017/api-authentication-tokens/) and it's already in the API https://docs.transifex.com/api/introduction#authentication, so I'll look at it and will try to align it to our scripts.
Fix: Made the translation tasks more secure by not requiring to provide your password through bash. Closes #92.
Translation scripts require safer login and password providing than writing them directly into the scripts params, e.g.:
I think that https://github.com/flatiron/prompt package could fit this issue very well.
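An added example, not part of the original thread and not the project's own code: a Node.js version of the approach discussed above, which refuses secrets passed as command-line arguments (where they would end up in shell history) and prompts for the token with echo muted. It uses Node's built-in `readline` instead of the `prompt` package mentioned above; the flag names `--token` and `--password` and all function names are assumptions.

```javascript
'use strict';
const readline = require('readline');
const { Writable } = require('stream');

// Hypothetical flag names: options a script might once have accepted on the command line.
const SECRET_FLAGS = ['--token', '--password'];

// Return the secret-bearing flags found in argv (these would land in shell history).
function secretFlagsInArgv(argv) {
  return argv.map(arg => arg.split('=')[0]).filter(flag => SECRET_FLAGS.includes(flag));
}

// Ask for a secret on the terminal; the typed characters are not echoed.
function readSecret(question, { input = process.stdin, output = process.stdout } = {}) {
  let muted = false;
  // readline echoes keystrokes through its output stream, so wrap it and drop writes once muted.
  const maskedOutput = new Writable({
    write(chunk, encoding, callback) {
      if (!muted) output.write(chunk);
      callback();
    }
  });
  // terminal: true puts a TTY into raw mode; historySize: 0 keeps the answer out of readline's history.
  const rl = readline.createInterface({ input, output: maskedOutput, terminal: true, historySize: 0 });
  return new Promise((resolve, reject) => {
    rl.on('SIGINT', () => rl.close()); // Ctrl+C aborts the prompt
    rl.once('close', () => reject(new Error('Prompt aborted')));
    rl.question(question, answer => {
      resolve(answer); // settle first, so the close handler's reject is a no-op
      rl.close();
      output.write('\n'); // the newline typed by the user was muted too
    });
    muted = true; // the question text is already written; hide everything typed after it
  });
}

// Refuse secrets given as arguments, otherwise prompt for the token.
async function getToken(argv, streams) {
  const offending = secretFlagsInArgv(argv);
  if (offending.length > 0) {
    throw new Error(`Do not pass ${offending.join(', ')} on the command line; you will be prompted instead.`);
  }
  return readSecret('Token: ', streams);
}
```

A script would call `getToken(process.argv.slice(2))` and pass the result to its API client without logging it.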