ssh_auth_cargo_publish
| Crates.io | ssh_auth_cargo_publish |
| lib.rs | ssh_auth_cargo_publish |
| version | 1.0.3 |
| source | src |
| created_at | 2024-04-30 18:48:40.761479 |
| updated_at | 2024-04-30 18:48:40.761479 |
| description | Store and use encrypted secret_token for crates.io with SSH key |
| homepage | https://bestia.dev |
| repository | https://github.com/automation-tasks-rs/ssh_auth_cargo_publish |
| max_upload_size | |
| id | 1225414 |
| size | 121,060 |
bestia.dev (bestia-dev)
documentation
README
ssh_auth_cargo_publish
Store and use encrypted secret_token for crates.io with SSH key
version: 1.0.3 date: 2024-04-30 author: bestia.dev repository: GitHub
Hashtags: #maintained #ready-for-use #rustlang #automation #workflow
My projects on GitHub are more like a tutorial than a finished product: bestia-dev tutorials.
I recommend using the CRUSTDE - Containerized Rust Development Environment to write Rust projects on Linux, isolated from your system.
Motivation
To access crates.io with cargo publish you need an access secret_token.
IMPORTANT: Treat access secret_tokens like your password and keep them secret. Store your secret_tokens securely in a credential manager for example.
Access secret_tokens are impossible to remember for an average human. We need to store them somewhere.
This command stores the crates.io secret_token:
cargo login
WARNING: Be aware that by default they store the secret_token in "plain-text" in the file: ~/.cargo/credentials.
Ok, I see there was some development in this area and now is possible to use "credentials providers".
I want to secure this secret_token with encryption with an SSH key.
We have already a lot of experience creating, managing and securing our SSH keys. The private key is secured by a passphrase we can remember and type. Every use of the secret_token will need user interaction to type the passphrase. Very secure.
If we are very self-confident in our current session, we can store the SSH key in ssh-agent and write our passphrase only once.
WARNING: a dedicated attacker could read from ssh-agent and discover the access secret_token without our user interaction. Use this at your discretion.
Replacement command
Put the executable ssh_auth_cargo_publish into the folder you intend to use it.
After copying, make it executable with chmod +x ssh_auth_cargo_publish.
Instead of cargo publish ... use ssh_auth_cargo_publish.
If it finds the encrypted secret_token it will ask you for the passphrase to the private SSH key.
Else it will ask you to store the secret_token.
Development details
Read the development details in a separate md file: DEVELOPMENT.md
Releases changelog
Read the releases changelog in a separate md file: RELEASES.md
TODO
And code happily ever after...
Open-source and free as a beer
My open-source projects are free as a beer (MIT license).
I just love programming.
But I need also to drink. If you find my projects and tutorials helpful, please buy me a beer by donating to my PayPal.
You know the price of a beer in your local bar ;-)
So I can drink a free beer for your health :-)
Na zdravje! Alla salute! Prost! Nazdravlje! 🍻
//bestia.dev
//github.com/bestia-dev
//bestiadev.substack.com
//youtube.com/@bestia-dev-tutorials