From 7b9413cba246cd39e9ed1883da2ee3cc95bf0a2d Mon Sep 17 00:00:00 2001 From: Joyee Cheung Date: Thu, 18 Sep 2025 17:36:24 +0200 Subject: [PATCH 1/2] fix(docs): revise credential storage recommendations in README --- README.md | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 3d0c1619..4822728c 100644 --- a/README.md +++ b/README.md @@ -89,14 +89,6 @@ After the token is generated, create an rc file with the following content: Note: you could use `ncu-config` to configure these variables, but it's not recommended to leave your tokens in your command line history. -If you have `gpg` installed and setup on your local machine, it is recommended -to store an encrypted version of this file: - -```console -$ gpg --default-recipient-self --encrypt ~/.ncurc -$ rm ~/.ncurc -``` - ### Setting up Jenkins credentials The `git-node` and `ncu-ci` commands need to query the Node.js Jenkins API for @@ -124,14 +116,29 @@ To obtain the Jenkins API token } ``` +### Protecting your credentials + +If you have `gpg` installed and setup on your local machine, it is strongly recommended +to store an encrypted version of this file: -### Make sure your credentials won't be committed +```console +$ gpg --default-recipient-self --encrypt ~/.ncurc +$ rm ~/.ncurc +# The credentials are now encrypted in ~/.ncurc.gpg and everytime it's needed, +# node-core-utils will invoke gpg that may ask you to decrypt it using +# your default key via pinentry. +``` Put the following entries into your [global `gitignore` file](https://git-scm.com/docs/git-config#Documentation/git-config.txt-coreexcludesFile) -(`$XDG_CONFIG_HOME/git/ignore` or a file specified by `core.excludesFile`): +(`$XDG_CONFIG_HOME/git/ignore` or a file specified by `core.excludesFile`). For example: + +```console +$ git config --global core.excludesfile ~/.gitignore_global +``` ``` +# In ~/.gitignore_global # node-core-utils configuration file .ncurc .ncurc.gpg 
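Review bot: In the first hunk of patch 1/2 (`@@ -89,14 +89,6 @@`), removing the gpg paragraph leaves the GitHub token section ending on the `ncu-config` note, with nothing to say that the rc file holding the token is stored in plaintext. A reader who stops after that section never reaches the encryption advice, which now sits below the Jenkins setup. Consider adding a one-line pointer from there to "Protecting your credentials".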
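Review bot: In the second hunk of patch 1/2 (`@@ -124,14 +116,29 @@`), "to store an encrypted version of this file" has lost its antecedent: the sentence now sits under a new heading directly after the Jenkins JSON block, so "this file" should be spelled out as `~/.ncurc`. The example `git config --global core.excludesfile ~/.gitignore_global` also reads as a required step, although the prose says `$XDG_CONFIG_HOME/git/ignore` works as well, and running it would replace a `core.excludesFile` value the user has already set. Suggest stating that the command is only needed when no global ignore file is configured, and matching the `core.excludesFile` casing used in the prose. Minor: "installed and setup" should be "installed and set up".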
From d3fefc7759b1bc1d7c543d8ff96bbc4d2a49b5e3 Mon Sep 17 00:00:00 2001 From: Joyee Cheung Date: Mon, 22 Sep 2025 13:44:52 +0200 Subject: [PATCH 2/2] fixup! fix(docs): revise credential storage recommendations in README --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4822728c..9bcf06de 100644 --- a/README.md +++ b/README.md @@ -124,11 +124,12 @@ to store an encrypted version of this file: ```console $ gpg --default-recipient-self --encrypt ~/.ncurc $ rm ~/.ncurc -# The credentials are now encrypted in ~/.ncurc.gpg and everytime it's needed, -# node-core-utils will invoke gpg that may ask you to decrypt it using -# your default key via pinentry. ``` +The credentials are now encrypted in `~/.ncurc.gpg` and everytime it's needed, +node-core-utils will invoke `gpg` that may ask you to decrypt it using +your default key via pinentry. + Put the following entries into your [global `gitignore` file](https://git-scm.com/docs/git-config#Documentation/git-config.txt-coreexcludesFile) (`$XDG_CONFIG_HOME/git/ignore` or a file specified by `core.excludesFile`). For example:
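Review bot: The paragraph moved out of the console block in patch 2/2 (`@@ -124,11 +124,12 @@`) keeps the wording it had as a shell comment: "everytime" should be "every time", and "will invoke `gpg` that may ask you to decrypt it" is hard to parse as prose. Something like "each time the credentials are needed, node-core-utils invokes `gpg`, which may prompt you via pinentry to decrypt the file with your default key" would read more clearly. Since this is a fixup for 1/2, the same rewording can be squashed in with it.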