From 777b9469ff05a3c1604461bc51dcae181d30c4c1 Mon Sep 17 00:00:00 2001 From: Howard Wolosky Date: Tue, 19 May 2020 14:49:55 -0700 Subject: [PATCH 1/2] Update usage documentation for configuring authentication unattended. --- GitHubConfiguration.ps1 | 7 +++---- README.md | 4 ++++ 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/GitHubConfiguration.ps1 b/GitHubConfiguration.ps1 index 81bc7804..e169bb05 100644 --- a/GitHubConfiguration.ps1 +++ b/GitHubConfiguration.ps1 @@ -836,13 +836,12 @@ function Set-GitHubAuthentication SecureString for use in future PowerShell sessions. .EXAMPLE - $secureString = ("" | ConvertTo-SecureString) + $secureString = ("" | ConvertTo-SecureString -AsPlainText -Force) $cred = New-Object System.Management.Automation.PSCredential "username is ignored", $secureString Set-GitHubAuthentication -Credential $cred - Uses the API token stored in the password field of the provided credential object for - authentication, and stores it in a file on the machine as a SecureString for use in - future PowerShell sessions. + Allows you to specify your access token as a plain-text string ("") + which will be securely stored on the machine for use in all future PowerShell sessions. .EXAMPLE Set-GitHubAuthentication -SessionOnly diff --git a/README.md b/README.md index 5705ba73..64dd4ca3 100644 --- a/README.md +++ b/README.md 
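Review bot: The rewritten description for this example says the token "will be securely stored", but the example takes the token as a literal in script text and the help never mentions that. `-AsPlainText -Force` is what makes the conversion work, yet the plain-text value still sits in the script file, the console history and any transcript that recorded the line. For the unattended case this patch targets, the example could read the token from the pipeline's secret variable instead, e.g. `$secureString = ($env:<TOKEN_VARIABLE> | ConvertTo-SecureString -AsPlainText -Force)` (placeholder name), and the description could state what protects the cached file (presumably per-user protection on Windows; worth confirming for other platforms). The README hunk in this patch also sends readers to `Get-Help Set-StoreBrokerAuthentication -Examples`, which does not match the `Set-GitHubAuthentication` function named in this hunk's header; the comment-help block itself starts and ends outside the hunk.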
@@ -71,6 +71,10 @@ access token. securely cached to disk and will persist across all future PowerShell sessions. If you ever wish to clear it in the future, just call `Clear-GitHubAuthentication`). +> For automated scenarios (like GithHub Actions) where you are dynamically getting the access token +> needed for authentication, refer to `Example 2` in `Get-Help Set-StoreBrokerAuthentication -Examples` +> for how to configure in a promptless fashion. + A number of additional configuration options exist with this module, and they can be configured for just the current session or to persist across all future sessions with `Set-GitHubConfiguration`. For a full explanation of all possible configurations, run the following: From f1d811301d7a08f4618007db2882032b48d7b4fc Mon Sep 17 00:00:00 2001 From: Howard Wolosky Date: Tue, 19 May 2020 15:29:45 -0700 Subject: [PATCH 2/2] Additional updates --- GitHubConfiguration.ps1 | 2 ++ README.md | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/GitHubConfiguration.ps1 b/GitHubConfiguration.ps1 index e169bb05..85381927 100644 --- a/GitHubConfiguration.ps1 +++ b/GitHubConfiguration.ps1 @@ -839,6 +839,8 @@ function Set-GitHubAuthentication $secureString = ("" | ConvertTo-SecureString -AsPlainText -Force) $cred = New-Object System.Management.Automation.PSCredential "username is ignored", $secureString Set-GitHubAuthentication -Credential $cred + $secureString = $null # clear this out now that it's no longer needed + $cred = $null # clear this out now that it's no longer needed Allows you to specify your access token as a plain-text string ("") which will be securely stored on the machine for use in all future PowerShell sessions. diff --git a/README.md b/README.md index 64dd4ca3..9d35e6cc 100644 --- a/README.md +++ b/README.md 
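Review bot: The two added `= $null` lines in the second `GitHubConfiguration.ps1` hunk only drop the local variable references, so the comment "clear this out" overstates what they achieve. The token literal on the first example line is still in the script text and history, and whether the module keeps its own reference to the credential is not visible here (the help block continues outside the hunk). A more accurate comment would be `$secureString = $null # drop the local reference; the literal above is still in the script/history`, and likewise for `$cred`. The README paragraph added in the same patch has a related gap: `$PSDefaultParameterValues["*-GitHub*:AccessToken"]` holds the token as plain text wherever that assignment is written, so its caveat should name the script or profile on disk as an exposure, not only other processes.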
@@ -74,6 +74,10 @@ If you ever wish to clear it in the future, just call `Clear-GitHubAuthenticatio > For automated scenarios (like GithHub Actions) where you are dynamically getting the access token > needed for authentication, refer to `Example 2` in `Get-Help Set-StoreBrokerAuthentication -Examples` > for how to configure in a promptless fashion. +> +> Alternatively, you _could_ configure PowerShell itself to always pass in a plain-text access token +> to any command (by setting `$PSDefaultParameterValues["*-GitHub*:AccessToken"] = ""`), +> although keep in mind that this is insecure (any other process could access this plain-text value). A number of additional configuration options exist with this module, and they can be configured for just the current session or to persist across all future sessions with `Set-GitHubConfiguration`.