Bug: hcloud saves API key in plain text #554
Description
As noted in my comment to the pull request here :
rm /Users/david/.config/hcloud/cli.tom
op signin
op plugin init hcloud
# Hetzner Cloud CLI
# Authenticate with Hetzner Cloud API Token.
# ? Locate your Hetzner Cloud API Token: Search in 1Password...
# ? Locate your Hetzner Cloud API Token: Expand search...
# ? Locate your Hetzner Cloud API Token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# ? Configure when the chosen credential(s) will be used to authenticate: Prompt me for each new terminal session
# The last step is to set up an alias for hcloud.
# You can do so by running the following command:
# echo "source /Users/david/.config/op/plugins.sh" >> ~/.config/fish/config.fish && source ~/.config/fish/config.fish
# Afterwards, run any hcloud command to see it in action!
echo "source /Users/david/.config/op/plugins.sh" >> ~/.config/fish/config.fish && source ~/.config/fish/config.fish
hcloud context create main
# i then get prompted for TouchID
The HCLOUD_TOKEN environment variable is set. Do you want to use the token from HCLOUD_TOKEN for the new context? (Y/n): y
Context main created and activated
The password is saved in plain text in /Users/david/.config/hcloud/cli.tom:
cat /Users/david/.config/hcloud/cli.toml
active_context = "main"
[[contexts]]
name = "main"
token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
--
$ op --version
2.32.0