Secure api_key in zuliprc file using encryption#1564
Closed
Gopinath-Mahendiran wants to merge 0 commit into zulip:main from
Collaborator
@Gopinath-Mahendiran I replied in the issue, due to some confusion over the specification for the expected fix? I also moved your Zulip message into a new topic to make it easier to see the dedicated discussion for the issue and any PRs that result including this one.
Author
@neiljp I understand the problem and will work towards it, making the necessary changes. Additionally, I’d like to clarify whether the key stored by the
This PR enhances security by encrypting the api_key stored in the zuliprc file. It ensures that sensitive credentials are not stored in plaintext, reducing the risk of exposure. A decryption mechanism is also included to seamlessly retrieve the api_key when needed.
Outstanding aspect(s)
Discussed in #zulip-terminal in topic
[x] Partially fixes issue #1502
How did you test this?
[x] Manually - Verified that api_key is encrypted when stored.
[x] Manually - Confirmed api_key decryption works correctly.
### How this behaves
When a user logs in directly from the terminal without downloading the zuliprc file from the web application, the encryption process will be handled internally, ensuring a seamless and secure experience.
However, if the zuliprc file is downloaded from the web application, encryption must be performed manually using the following command:
```
zulip-term --encrypt <file_name>
```
This command encrypts the api_key stored in the file, enhancing security before use.
Regardless of whether the user logs in with the default zuliprc file or a custom configuration file, decryption will be handled automatically within the application. This ensures a smooth authentication process without requiring any manual intervention.
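Because downloaded zuliprc files depend on a manual encryption step, an audit can flag files where that step was skipped. The following is an added example, not code from this PR or from zulip-terminal: it reports a zuliprc whose key still looks like plaintext or whose permissions allow access by other users. It assumes the usual `[api]` section with a `key` field and that a plaintext API key is a 32-character alphanumeric token; `audit_zuliprc`, `write_sample` and `demo` are hypothetical names.

```python
import configparser
import os
import re
import stat
import tempfile

# Assumption: a plaintext Zulip API key is a 32-character alphanumeric token.
PLAINTEXT_KEY = re.compile(r"[A-Za-z0-9]{32}")


def audit_zuliprc(path):
    """Return findings for one zuliprc file; an empty list means none."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"permissions {mode:04o} allow group/other access")
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read(path, encoding="utf-8")
    except (configparser.Error, UnicodeDecodeError) as exc:
        return findings + [f"unparseable file: {type(exc).__name__}"]
    key = parser.get("api", "key", fallback=None)
    if key is None:
        findings.append("no key field in [api] section")
    elif PLAINTEXT_KEY.fullmatch(key.strip()):
        # A non-matching value is not proof of encryption, only "not obviously plaintext".
        findings.append("key looks like a plaintext API key")
    return findings


def write_sample(directory, name, body, mode):
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as handle:
        handle.write(body)
    os.chmod(path, mode)
    return path


def demo():
    # Constructed sample files: email, site and both key values are made up.
    head = "[api]\nemail=user@example.com\nsite=https://chat.example.com\nkey="
    plain = head + "a1B2c3D4" * 4 + "\n"
    wrapped = head + "ENC-constructed-ciphertext-placeholder\n"
    with tempfile.TemporaryDirectory() as tmp:
        return {
            "downloaded": audit_zuliprc(write_sample(tmp, "downloaded", plain, 0o644)),
            "encrypted": audit_zuliprc(write_sample(tmp, "encrypted", wrapped, 0o600)),
        }
```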