Skip to content

feat: move credentials to .env file instead of writing them in plain text (#DVRL-71)#716

Closed
JohannesDienst-askui wants to merge 5 commits intomainfrom
dvrl-71_credentials_in_dotenv_file
Closed

feat: move credentials to .env file instead of writing them in plain text (#DVRL-71)#716
JohannesDienst-askui wants to merge 5 commits intomainfrom
dvrl-71_credentials_in_dotenv_file

Conversation

@JohannesDienst-askui
Copy link
Copy Markdown
Contributor

@JohannesDienst-askui JohannesDienst-askui commented Mar 4, 2024

We stored the credentials (workspace-id + access token) in helpers/askui-helpers.ts in plain text. While this is ok for local projects, it increases the risk of pushing credentials into a repository and exposing them.

This PR moves the credentials into .env where they are usually excluded with a proper .gitignore minimizing the risk of of leaking credentials 🥳 .

@mlikasam-askui
Copy link
Copy Markdown
Collaborator

mlikasam-askui commented Mar 4, 2024

Great job! 💪
So far, we've discussed and agreed not to incorporate dotenv support. Instead, we'll provide documentation on how to implement it as a best practice. This way, users have the flexibility to configure their environment as they see fit.

@JohannesDienst-askui
Copy link
Copy Markdown
Contributor Author

JohannesDienst-askui commented Mar 4, 2024

Great job! 💪 So far, we've discussed and agreed not to incorporate dotenv support. Instead, we'll provide documentation on how to implement it as a best practice. This way, users have the flexibility to configure their environment as they see fit.

Ah ok. My ticket said I should implement this, or at least I understood it that way 😉

I would like to install the dotenv-dependency anyway and prepare the .env-file for the user upon npm askui init. The user only has to add the correct import in askui-helper.ts for the best practice to work. Is that ok from your side @mlikasam-askui ?

@mlikasam-askui
Copy link
Copy Markdown
Collaborator

mlikasam-askui commented Mar 5, 2024

Great job! 💪 So far, we've discussed and agreed not to incorporate dotenv support. Instead, we'll provide documentation on how to implement it as a best practice. This way, users have the flexibility to configure their environment as they see fit.

Ah ok. My ticket said I should implement this, or at least I understood it that way 😉

I would like to install the dotenv-dependency anyway and prepare the .env-file for the user upon npm askui init. The user only has to add the correct import in askui-helper.ts for the best practice to work. Is that ok from your side @mlikasam-askui ?

Personally, I don't like shipping it like that. However, I would advise waiting for @programminx-askui. You can discuss it with him, and he can then bring it up with @dom-askui. I can't decide for the team.

@JohannesDienst-askui
Copy link
Copy Markdown
Contributor Author

JohannesDienst-askui commented Mar 6, 2024

Moved the docs part to askui/askui-dev-docs#10

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mlikasam-askui mlikasam-askui Awaiting requested review from mlikasam-askui

@programminx-askui programminx-askui Awaiting requested review from programminx-askui

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JohannesDienst-askui @mlikasam-askui