Option to specify the Apple account and password in the web UI. #249

Open
jpdasma opened this issue Sep 18, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

jpdasma commented Sep 18, 2022

When opting to use a developer account, it appears that we have to specify both the email and password in a text file:

data
|____profiles
| |____my_profile                # Or what you named your profile
| | |____cert.p12                # the signing certificate archive
| | |____cert_pass.txt           # the signing certificate archive's password
| | |____name.txt                # a name to show in the web interface
| | |____account_name.txt        # the developer account's name (email)
| | |____account_pass.txt        # the developer account's password
| |____my_other_profile
| | |____...

It's not really a good practice to store these in plaintext, even if we are running SignTools in a private server.

I suggest a feature to have an option to leave these empty and prompt the user for the email and password in the web UI.

iitazz commented Sep 18, 2022

I agree, this would be a nice thing to be implemented!

@ViRb3 ViRb3 added the enhancement New feature or request label Sep 18, 2022
ViRb3 (Member) commented Sep 18, 2022

Due to the nature of signing, even if you had a prompt for the credentials, they would still have to reach the builder in plaintext at some point, so you should always consider them compromised. This is partly mitigated by 2FA, but yes, I agree that it is not "safe". Sadly, I don't think there's a "fully safe" solution for your credentials, so I highly recommend using a separate account just for development. I don't think that the benefits of having a prompt are worth it (in my opinion, at least), so I will likely not implement this feature myself, but I am happy to take it as a PR from somebody else.
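
A check an operator can run against the profile layout quoted in the issue while the credentials stay on disk in plaintext: it reports secret files and profile directories that anyone other than the owner can access. This is an added example, not part of the thread or of SignTools; the function names, the owner-only policy (0700 directories, 0600 files) and the demo tree are assumptions constructed here.

```python
import os
import stat
import tempfile
from pathlib import Path

# Secret-bearing file names, taken from the profile layout quoted in the issue.
SECRET_FILES = ("cert.p12", "cert_pass.txt", "account_name.txt", "account_pass.txt")


def audit_profiles(profiles_dir):
    """Return (path, problem) pairs for profile secrets exposed beyond their owner.

    Assumed policy (not from the thread): directories 0700, secret files 0600.
    """
    findings = []
    for profile in sorted(Path(profiles_dir).iterdir()):
        if not profile.is_dir():
            continue
        if stat.S_IMODE(profile.stat().st_mode) & 0o077:
            findings.append((str(profile), "directory accessible to group/other"))
        for name in SECRET_FILES:
            path = profile / name
            try:
                st = path.lstat()  # lstat: do not follow symlinks
            except FileNotFoundError:
                continue
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISLNK(st.st_mode):
                findings.append((str(path), "symlink, target not checked"))
            elif mode & 0o077:
                findings.append((str(path), "mode %o, expected 600" % mode))
    return findings


def demo():
    """Audit a constructed profile tree; paths are returned relative to its root."""
    with tempfile.TemporaryDirectory() as root:
        for profile, dir_mode, file_mode in (("my_profile", 0o700, 0o600),
                                             ("my_other_profile", 0o755, 0o644)):
            secret = Path(root, profile, "account_pass.txt")
            secret.parent.mkdir()
            secret.write_text("constructed-placeholder\n")
            os.chmod(secret, file_mode)
            os.chmod(secret.parent, dir_mode)
        return [(os.path.relpath(p, root), why) for p, why in audit_profiles(root)]


if __name__ == "__main__":
    for path, why in demo():
        print(path, "-", why)
```

To check a real installation, call `audit_profiles("data/profiles")` from the directory that holds `data`; an empty list means every profile matched the assumed policy.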
