Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Install script should setup ~/.st2/config with API key so users don't have to renegotiate auth tokens #283

Open
lakshmi-kannan opened this issue Apr 22, 2016 · 7 comments
Open

Install script should setup ~/.st2/config with API key so users don't have to renegotiate auth tokens #283

lakshmi-kannan opened this issue Apr 22, 2016 · 7 comments
Labels
complexity:easy

Comments

@lakshmi-kannan
Copy link
Contributor

No description provided.

@lakshmi-kannan lakshmi-kannan changed the title Install script should export ST2_AUTH_TOKEN at the end to avoid pain and frustration. Install script should setup ~/.st2/config with API key so users don't have to renegotiate auth tokens Apr 22, 2016
@enykeev enykeev mentioned this issue May 25, 2016
Merged
@Kami
Copy link
Member

Kami commented May 25, 2016

I discussed this with @enykeev on Slack.

I'm personally not a big fan of shoving API keys in the CLI config - CLI config already solves this problem by allowing user to put credentials (username and password) in the config and handles re-authentication for them.

API keys are mostly meant for integration with 3rd party services so mixing those with credentials is confusing, imo.

If we do decide to go with this approach we also need to make it clear which one has the priority (api key or credentials, etc.).

@Kami
Copy link
Member

Kami commented May 25, 2016
edited
Loading

@lakshmi-kannan Can you please also provide some background and context on this requirement (I'm just wondering why credentials don't solve this already - we already create a default set of credentials in the installer so this requires no additional work...)?

@lakshmi-kannan
Copy link
Contributor Author

@Kami Having API key in CLI config is a feature request from customers because they don’t want to put their LDAP or PAM password in config file on a shared box. And having auth token that expires every 24h is not ideal.

@Kami
Copy link
Member

Kami commented May 25, 2016

That's for the clarification.

In this case I'm fine with this feature, I would just think a bit more if [credentials] is the right CLI config section to put it in (and as mentioned above, making sure precedence, etc. works correctly and is documented somewhere).

@manasdk
Copy link
Contributor

manasdk commented May 25, 2016
edited
Loading

Are we sure about putting in an API key in the cli config by default. I would personally prefer if a user did this intentionally.

I am +1 to having support for API keys from cli but not to using this option by default.

@Kami
Copy link
Member

Kami commented May 25, 2016

That's a good point.

Especially in that case since it's a custom installation (they use LDAP) I don't see much value for use to generating and API key and putting it in the config automatically (it should be done explicitly by the user).

I'm fine with putting default credentials in the config though (for convenience) since that's something we need to generate and use by default anyway.

@lakshmi-kannan
Copy link
Contributor Author

Are we sure about putting in an API key in the cli config by default. I would personally prefer if a user did this intentionally.

I don't see the issue but if you guys feel it's somehow less secure, we can just add docs and point to docs at end of install script.

@Mierdin Mierdin closed this as completed Jan 9, 2017
@Mierdin Mierdin reopened this Jan 9, 2017
@blag blag mentioned this issue Jun 29, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
complexity:easy
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Kami @manasdk @lakshmi-kannan @Mierdin