Separate ~/.cargo/credentials #3748
Comments
Sounds like a good idea to me!
This is a pretty big deal! As another data point, OpenSSH will refuse to run if your file permissions aren't on point.
bors added a commit that referenced this issue Jun 13, 2017
Move API token into the separate file. Fix of #3748. BTW, it's not clear what to do with the old config. Should I add a check for the old config and try to remove the [repository.token] field from it every time the user adds a new token? Or should I just prefer to use a token field from a new config over the old one?
I think this can be closed.
Nice! Glad to see this ship.
Originally from: rust-lang/crates.io#78

Right now the crates.io API token used by cargo is stored in the [registry.token] section of ~/.cargo/config (which, as it were, has 644 file permissions by default, i.e. world readable)

I think it would make more sense to separate credentials into a separate file (e.g. ~/.cargo/credentials or ~/.cargo/token) which always has 600 file permissions and will warn or not function if the permissions are too loose

Some precedent here is RubyGems, which stores its equivalent credentials in a ~/.gem/credentials file, which always has 600 permissions
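
An added illustration of the behaviour requested in this issue, not Cargo's actual implementation and not code from this thread: a credentials file that is always written with mode 600 and is refused on load if group or other have any access. The function names `save_token` and `load_token`, the temporary directory and the token value are assumptions constructed for the example; it uses Unix-only standard library APIs.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Read, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Write `token` to `path` so that the file ends up with mode 0600.
fn save_token(path: &Path, token: &str) -> io::Result<()> {
    let mut f = OpenOptions::new()
        .write(true)
        .create(true)
        .truncate(true)
        .mode(0o600) // only applied when the file is newly created
        .open(path)?;
    // A pre-existing file keeps its old mode, so tighten it on the open handle.
    f.set_permissions(fs::Permissions::from_mode(0o600))?;
    f.write_all(token.as_bytes())
}

/// Read the token, refusing if any group/other permission bit is set.
fn load_token(path: &Path) -> io::Result<String> {
    let mut f = fs::File::open(path)?;
    // Check the mode on the opened handle, not the path, so the file that is
    // checked is the same file that is read.
    let mode = f.metadata()?.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        return Err(io::Error::new(
            io::ErrorKind::PermissionDenied,
            format!("{} has mode {:o}; expected 600", path.display(), mode),
        ));
    }
    let mut token = String::new();
    f.read_to_string(&mut token)?;
    Ok(token)
}

fn main() -> io::Result<()> {
    // Constructed sample location and token, so the demo never touches ~/.cargo.
    let dir = std::env::temp_dir().join(format!("cred-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let path = dir.join("credentials");
    save_token(&path, "constructed-sample-token")?;
    println!("loaded: {}", load_token(&path)?);
    // Simulate the world-readable 644 default described in the issue.
    fs::set_permissions(&path, fs::Permissions::from_mode(0o644))?;
    println!("after chmod 644: {:?}", load_token(&path).map(|_| ()));
    fs::remove_dir_all(&dir)
}
```

This takes the stricter of the two options in the issue and refuses to load; a warn-only variant would log the same message and return the token instead of the error.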