Comments (5)
@Eneris Thanks for raising this! Is there any preference related to how you'd expect passwords (or more general secrets) to be stored? Ideally we don't want to store the secrets with the CLI itself, but rather rely on best practice methods on how to pass them into the CLI.
One option is env vars, another option (based on env vars) the .env file.
The currently supported methods to pass the secrets are via explicit command args or inside a dw.json
, see auth:login
and client:auth
.
Adding env var and .env can be done, we would however have to follow a meaningful fallback strategy with precedence.
Something like:
- Use args explicitly passed to the command (if present)
- Use
dw.json
in cwd (if present) - Use well known env vars from .env in cwd (if present)
- Use well known env vars (if present)
Feedback?
from sfcc-ci.
Hi @tobiaslohr . Sorry for the late reply.
That sounds perfect. One additional "nice to have" that I came across in last few days while implementing "one-command" sandbox prepare is, to expose functionality as module functions to enable more versatility.
Thanks :)
from sfcc-ci.
Thanks @Eneris, may I ask you to provide an example .env
file (with scrubbed credentials of course)?
One additional "nice to have" that I came across in last few days while implementing "one-command" sandbox prepare is, to expose functionality as module functions to enable more versatility.
For this, can you please raise a new issue?
from sfcc-ci.
Suggestion for well-known env vars:
SFCC_CLIENT_ID
SFCC_CLIENT_SECRET
SFCC_USER_NAME
SFCC_USER_PASSWORD
Re-named proposed env vars:
SFCC_OAUTH_CLIENT_ID
SFCC_OAUTH_CLIENT_SECRET
SFCC_OAUTH_USER_NAME
SFCC_OAUTH_USER_PASSWORD
from sfcc-ci.
Any feedback on this @Eneris ?
from sfcc-ci.
Related Issues (20)
- SLAS Add Client: --tenant option ignored HOT 1
- Feature: add github issue templates
- Created a DefinitelyTyped type definition for sfcc-ci HOT 1
- Which version of NodeJS and npm do you recommend to use? HOT 2
- HELP Needed:SFCC-CI code:deploy fails when adding the archive file to the command line HOT 3
- Problem when unzipping error 500, logs show "directory not empty" error for new codeversion HOT 5
- Running `npx sfcc-ci code:deploy` results in "The requested URL was not found on this server" HOT 1
- Error on code:deploy with JWT token type HOT 11
- Stage upload fails with sslv3 alert handshake failure HOT 4
- New feature Request- Add capability to reset user and revoke verifiers HOT 1
- HELP: Automated build system script firing Authenticator app even when using certificate for 2FA HOT 1
- Problems with Snyk on CI HOT 2
- With the recent commit which happened 8 hours ago on Nov 16 2022 in master branch, our builds are failing. HOT 1
- SFCC -CI Export Not working HOT 1
- [ERR_INVALID_CHAR]: Invalid character in header content ["authorization"] HOT 1
- sfcc-ci auth:login sending approval request to Authenticator HOT 2
- Getting issue with deploy code with latest version HOT 6
- Able to fetch API client change history from Account Manager
- Uploading cartridges code to staging environment using the SFCC-CI client HOT 5
- Local issuer certificate error with sfcc-ci npm install HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sfcc-ci.