Store Trello API Key in Keyring #1095
Description
Hello, what about Trello's API key, I've check the code and there is no use of
self.get_passwordmethod. Is it bug or feature @ryneeverett? I'd personally said bug, because I'd rather not to expose any sensitive information. I would changed it, but I'm not sure about non-contributor PR's acceptance in this project.
Originally posted by @JecminekTomas in #1063
From https://developer.atlassian.com/cloud/trello/guides/rest-api/api-introduction/:
Because of the way the authorization flow works, the API key is intended to be publicly accessible. An API key by itself doesn't grant access to a user's Trello data. However, because API tokens grant access to the user's data, they should be kept secret.
I've read this paragraph 5 times and I can't quite make sense it. But it does seem reasonable to allow users to store their api key in their keyring if they think it ought to be treated like a secret since it doesn't impose any cost on anyone else.
I would changed it, but I'm not sure about non-contributor PR's acceptance in this project.
PR's are welcome! According to Github we have 127 contributors. If there's anything more we should do to make it clear that PR's are welcome, please open a new issue to let us know.