Giter VIP home page Giter VIP logo

Comments (2)

bayleedev avatar bayleedev commented on May 14, 2024

Related links:
https://github.com/henryboldi/felony
https://github.com/keybase/triplesec

from zazu.

bayleedev avatar bayleedev commented on May 14, 2024

After some talk this is what the current idea would look like:

When installing a plugin, currently it is assumed no variables need to be set. The zazu-package-manager can be modified to check which variables need to be set. Zazu can then prompt the user for inputs. For example:

diff --git a/zazu.json b/zazu.json
index 6d190ad..b5d212d 100644
--- a/zazu.json
+++ b/zazu.json
@@ -1,6 +1,9 @@
 {
   "name": "Gist",
   "icon": "icon.png",
+  "variables": {
+    "token": "string.secure"
+  },
   "blocks": {
     "input": [
       {

We can also allow the user to specify an "encryption driver", which would default to one we create like tinytacoteam/zazu-encryption-aes or something. This will expose an encrypt/decrypt method.

When Zazu loads it'll search the plugin config for "secure" keys and overwrite them in memory. For example:

    {
      "name": "afaur/zazu-gist",
      "variables": {
        "token": {
          "secure": "7f46165474d11ee5836777d85df2cdab"
        }
      }
    }

Would replace token.secure to just be token and pass the real value into the plugin to use.

So the workflow would look like this:

  • Open Zazu
  • Type in install gist
  • The package manager prompts and asks for your api token
  • The package manager tries to encrypt it with the pluginContext.encrypt
  • Zazu does not have the password in memory
  • Zazu prompts the user for a password
  • Zazu asks the encryption driver to encrypt the data and returns it to the package manager
  • The package manager saved the new ~/.zazurc.json file and reloads zazu

When you open up Zazu with the new config:

  • Zazu sees a secure variable and tries to decrypt it
  • Zazu prompts you for a password since it is not in memory
  • Zazu passes it to the plugin when it's neeeded.

Assumptions

We assume the driver will ALWAYS need a password. What if you never wanted to share this file, but you wanted it to be secure. There could just be a driver that uses some randomly generated file as your password. The ~/.zazurc.json can't be shared but you could encrypt/decrypt on the same computer.

cc @tinytacoteam/zazu-core

from zazu.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.