Set token via environment variables

[abatilo]

I think being able to set tokens via environment variables would end up with a much more CI friendly user experience.

Then the token could be set on the CI provider as a secret.

[preslavmihaylov]

That makes sense. I will consider this in a future release.

In the meantime, have in mind it is still possible to specify the auth token for CI by explicitly setting it in your tokens cache (default ~/.todocheck/authtokens.yaml):

Ref. Configuration

Does this way of passing the token work for your needs?

[abatilo]

Yes, it's workable for now. I just need CI steps that will write the file for me.

Thanks!

[preslavmihaylov]

I'm wondering if specifying an auth token via an environment variable directly might be vulnerable?

Is it common to pass secrets to CI env in that way, could you share some example of this/docs so that I can explore?

[abatilo]

I'm wondering if specifying an auth token via an environment variable directly might be vulnerable?

Is it common to pass secrets to CI env in that way, could you share some example of this/docs so that I can explore?

https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets

https://circleci.com/docs/2.0/env-vars/#secrets-masking

Many CI systems support setting secrets this way.