How to securely store OAuth2 “ClientID” and “Client Secret” in a bash script?
I was writing a bash script for Gmail that would authorize itself using OAuth2, and make API calls using the received tokens. It worked.
But I'm in a dilemma concerning how to store the ClientID and Client Secret of my application, because my scripts are open source and on GitHub. They are necessary for the authorization process and I can't think of a way to store them.
A workaround which I've thought is to ask the users to generate their own OAuth2 credentials and fill them in the program or source them as bash variables. But this doesn't satisfy me since I want my script to behave as a full-fledged application, that is users from anywhere in the world should use the same pair of ClientID and Client Secret. That way I'll be able to monitor my script's usage using the API console.
Is it possible to do so?
bash shell-script security api gmail
New contributor
add a comment |
I was writing a bash script for Gmail that would authorize itself using OAuth2, and make API calls using the received tokens. It worked.
But I'm in a dilemma concerning how to store the ClientID and Client Secret of my application, because my scripts are open source and on GitHub. They are necessary for the authorization process and I can't think of a way to store them.
A workaround which I've thought is to ask the users to generate their own OAuth2 credentials and fill them in the program or source them as bash variables. But this doesn't satisfy me since I want my script to behave as a full-fledged application, that is users from anywhere in the world should use the same pair of ClientID and Client Secret. That way I'll be able to monitor my script's usage using the API console.
Is it possible to do so?
bash shell-script security api gmail
New contributor
add a comment |
I was writing a bash script for Gmail that would authorize itself using OAuth2, and make API calls using the received tokens. It worked.
But I'm in a dilemma concerning how to store the ClientID and Client Secret of my application, because my scripts are open source and on GitHub. They are necessary for the authorization process and I can't think of a way to store them.
A workaround which I've thought is to ask the users to generate their own OAuth2 credentials and fill them in the program or source them as bash variables. But this doesn't satisfy me since I want my script to behave as a full-fledged application, that is users from anywhere in the world should use the same pair of ClientID and Client Secret. That way I'll be able to monitor my script's usage using the API console.
Is it possible to do so?
bash shell-script security api gmail
New contributor
I was writing a bash script for Gmail that would authorize itself using OAuth2, and make API calls using the received tokens. It worked.
But I'm in a dilemma concerning how to store the ClientID and Client Secret of my application, because my scripts are open source and on GitHub. They are necessary for the authorization process and I can't think of a way to store them.
A workaround which I've thought is to ask the users to generate their own OAuth2 credentials and fill them in the program or source them as bash variables. But this doesn't satisfy me since I want my script to behave as a full-fledged application, that is users from anywhere in the world should use the same pair of ClientID and Client Secret. That way I'll be able to monitor my script's usage using the API console.
Is it possible to do so?
bash shell-script security api gmail
bash shell-script security api gmail
New contributor
New contributor
New contributor
asked 4 mins ago
Utkarsh VermaUtkarsh Verma
11
11
New contributor
New contributor
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Utkarsh Verma is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f495691%2fhow-to-securely-store-oauth2-clientid-and-client-secret-in-a-bash-script%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Utkarsh Verma is a new contributor. Be nice, and check out our Code of Conduct.
Utkarsh Verma is a new contributor. Be nice, and check out our Code of Conduct.
Utkarsh Verma is a new contributor. Be nice, and check out our Code of Conduct.
Utkarsh Verma is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f495691%2fhow-to-securely-store-oauth2-clientid-and-client-secret-in-a-bash-script%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown