diff --git a/README.md b/README.md index 9bcf06de..9e7fd01f 100644 --- a/README.md +++ b/README.md @@ -76,18 +76,17 @@ Optionally, if you want to grant write access so `git-node` can write comments: You can also edit the permission of existing tokens later. -After the token is generated, create an rc file with the following content: -(`~/.ncurc` or `$XDG_CONFIG_HOME/ncurc`): - -```json -{ - "username": "your_github_username", - "token": "token_that_you_created" -} +After the token is generated, you can give it to NCU using: + +```sh +ncu-config set username your_github_username +# It is strongly recommended to encrypt your token. Do not provide it in the CLI, +# `ncu-config` will prompt you for it. +ncu-config set -x token ``` -Note: you could use `ncu-config` to configure these variables, but it's not -recommended to leave your tokens in your command line history. +Note: Encryption is available only if you have `gpg` setup on your machine. If +not, do not pass the `-x` flag. ### Setting up Jenkins credentials @@ -108,28 +107,12 @@ To obtain the Jenkins API token `~/.ncurc.gpg` or `$XDG_CONFIG_HOME/ncurc.gpg`) with `jenkins_token` as key, like this: - ```json - { - "username": "your_github_username", - "token": "your_github_token", - "jenkins_token": "your_jenkins_token" - } + ```sh + ncu-config set -x jenkins_token ``` ### Protecting your credentials -If you have `gpg` installed and setup on your local machine, it is strongly recommended -to store an encrypted version of this file: - -```console -$ gpg --default-recipient-self --encrypt ~/.ncurc -$ rm ~/.ncurc -``` - -The credentials are now encrypted in `~/.ncurc.gpg` and everytime it's needed, -node-core-utils will invoke `gpg` that may ask you to decrypt it using -your default key via pinentry. - Put the following entries into your [global `gitignore` file](https://git-scm.com/docs/git-config#Documentation/git-config.txt-coreexcludesFile) (`$XDG_CONFIG_HOME/git/ignore` or a file specified by `core.excludesFile`). For example: