Replies: 1 comment
-
|
Thank you and sorry for the delay in getting back. I like this idea, but wondering if might be something best handled by a pre-request script. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
I'd like to propose a feature, which lets the user set a master password via ENV variable, which is then used to encrypt/decrypt the password field in the *.posting.yaml file
Current situation for a *.posting.yaml file
Proposed change:
The example "enc_password" was generated with
echo "test" | openssl enc -e -aes-256-cbc -a -salt -pbkdf2and "123456" as password.
Reason for this proposal:
Encrypting the BasicAuth credentials would it make easier to share a larger number of collections safely, for example, via VCS without the possibility to accidentaly push the plaintext password. Also then there would be no need to remove the plaintext credentials, before pushing such a collection (or more collections), by hand and have to type
them in again after i cloned the repo.
The following steps show how this could work in the application:
** Decrypt the password field with POSTING_MASTER_PASSWORD and set the plaintext password together with the username in the "Auth" tab
** Encrypt the value of the password field with POSTING_MASTER_PASSWORD and write it back to the *.posting.yaml file
If the ENV variable is not set, the default behaveior (no encryption/decryption) will be activated
Thanks for this awesome tool and best regards
Beta Was this translation helpful? Give feedback.
All reactions