src login should store credentials in a secure credentials store rather than environment variables
Created by: mike-r-mclaughlin
Feedback
Redacted customer prefers that src login behave similar to commands like docker login with respect to token/credentials storage. Specifically, src-cli should store and read the token from the native keychain for the OS or some other external secure store.
The primary concern is if someone gains access to the token, they could access all of the source code indexed by Sourcegraph that the token holder has access to. For site admins with authz.enforceForSiteAdmins set to false, this means all source code. While this may be less likely on a local developer machine, once src is used in a shared system such as Jenkins it becomes a higher risk.
Customer
Additional insights from the user:
My concern is more of a defense-in-depth thing, than a real security threat. Considering the vast OAuth scope of the Sourcegraph GitHub connector (full read/write access to all private repos), I would like to handle the token with a bit more care.