-
Notifications
You must be signed in to change notification settings - Fork 201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Option to specify the apple account and password in the web UI. #249
Comments
I agree, this would be a nice thing to be implemented! |
Due to the nature of signing, even if you had a prompt for the credentials, they would still have to reach the builder in plaintext at some point, so you should always consider them compromised. This is party mitigated by 2FA, but yes, I agree that it is not "safe". Sadly, I don't think there's a "fully safe" solution for your credentials, so I highly recommend to use a separate account just for development. I don't think that the benefits of having a prompt are worth it (in my opinion, at least), so I will likely not implement this feature myself, but I am happy to take it as a PR from somebody else. |
When opting to use a developer account, it appears that we have to specify both the email and password in a text file:
It's not really a good practice to store these in plaintext, even if we are running SignTools in a private server.
I suggest a feature to have an option to leave these empty and prompt the user for the email and password in the web UI.
The text was updated successfully, but these errors were encountered: