On 2023-06-16 17:56, Antonio Terceiro wrote:
> Note that the variable where you inserted a username and password is
> calle debci_amqp_server, and was never supposed to be used for putting a
> password in plain text.
I think this is where the documentation of the --amqp option threw me
off, from debci(1):
--amqp amqp://[user:password@]hostname[:port]
> For the c.d.n deployment we use SSL client certificates for
> authentication, and that's why the variables debci_amqp_cacert,
> debci_amqp_cert, debci_amqp_key are there.
Yeah, I was guessing as much.
I just wanted to make sure that in the case of only the server
certificate + client auth/pass, there's a safer way to do that.
> IMO that is no different from any other program that takes a url as a
> command line parameter: you can pass a URL containing a username and
> password, but then that's on you.
Indeed. I only mentioned it since it's not entirely obvious for a
first-time debci user that the debci_amqp_server config option is passed
on via CLI to some other utility, rather than consumed by a library, or
similar.
Best,
Christian
