@cboettig we do have an open issue for a user-configurable netrc file: #480. And a general issue about not using plaintext credentials here: #415. There are a number of credential files we deal with that all this equally applies to, but I agree, in general, it'd be good to get away from needing to store persistent plaintext credentials files.
I believe it is best practice to allow users to specify the location of configuration files such as `~/.netrc`. Mature software such as `curl` has always provided this option.

This is perhaps particularly true of configurations that store credentials in plain text. For instance, many users of earthaccess are also using JupyterHubs, where credentials stored on the home directory are persistent. Other authentication patterns, such as `gh-scoped-creds`, are specifically designed to avoid this pattern, using temporary storage. The risk is potentially greater with netrc and EarthData Login, because it continues to use username + password patterns instead of more modern authentication, and many users may still continue to re-use passwords across accounts.

I think storing user-selected passwords in plain text persistent files in settings such as JupyterHub does not illustrate best practices in today's security landscape.
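As an added example (not part of this discussion and not earthaccess code), the sketch below audits a netrc file at a user-chosen location for the two concerns raised above: plaintext passwords and persistence under the home directory. The function names, the `NETRC` environment-variable precedence, and the sample host and credentials are assumptions made for illustration.

```python
import netrc
import os
import stat
import tempfile
from pathlib import Path


def resolve_netrc_path(explicit=None, env=None):
    """Location precedence (assumed): explicit argument, then $NETRC, then ~/.netrc."""
    env = os.environ if env is None else env
    return Path(explicit or env.get("NETRC") or Path.home() / ".netrc").expanduser()


def audit_netrc(path):
    """Return findings for one netrc file; an empty list means nothing was flagged."""
    path = Path(path)
    findings = []
    if not path.is_file():
        return findings
    # CPython's netrc module only applies its own permission check to the
    # default ~/.netrc, so a custom location has to be checked by the caller.
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:03o} grants access beyond the owner; chmod 600")
    # Heuristic: anything under $HOME outlives the session on a hub with persistent homes.
    if Path.home().resolve() in path.resolve().parents:
        findings.append("stored under the home directory, so it persists across sessions")
    for host, (login, _account, password) in netrc.netrc(str(path)).hosts.items():
        if password:
            findings.append(f"plaintext password on disk for {login}@{host}")
    return findings


def demo():
    """Audit a constructed netrc (fake host and credentials) in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "netrc"
        sample.write_text("machine example.invalid login demo password not-a-real-secret\n")
        os.chmod(sample, 0o644)
        loose = audit_netrc(resolve_netrc_path(env={"NETRC": str(sample)}))
        os.chmod(sample, 0o600)
        tight = audit_netrc(sample)
    return loose, tight


if __name__ == "__main__":
    for label, found in zip(("0644", "0600"), demo()):
        print(label, found)
```

Tightening the mode to 600 clears the permission finding but not the plaintext-password one, which is the residual risk the post describes.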