Salsa token and privacy

To: "debian-devel@lists.debian.org" <debian-devel@lists.debian.org>
Subject: Salsa token and privacy
From: PICCA Frederic-Emmanuel <frederic-emmanuel.picca@synchrotron-soleil.fr>
Date: Mon, 6 Aug 2018 17:05:24 +0000
Message-id: <[🔎] A2A20EC3B8560D408356CAC2FC148E530156B3B476@SUN-DAG3.synchrotron-soleil.fr>

Hello,

I was using a nitrokey pro + gpg-agent in order to  connect via ssh to the debian infrastructure.
Now that we have salsa, it seems that the way to go is to use salsa token in order to automake a bunch of tasks.

So now I need to put somewhere on a disk my salsa token, in fact on every computer where I want to use this token.
And it means a lot.

I would like to have something like the previous setup where all my private information are stores on the nitrokey.

do you know if the salsa api (in fact gitlab api) can be access more securely than via a token which is copied multiple times  everywhere.
and if not how are you dealing with this ?

Frederic

PS: Nothing polemic here please, I have just this concern about the token privacy.

Reply to:

Follow-Ups:
- Re: Salsa token and privacy
  - From: Inaki Malerba <inaki@malerba.space>
- Re: Salsa token and privacy
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Re: Questions about packaging systemd unit files
Next by Date: Re: Questions about packaging systemd unit files
Previous by thread: Bug#905560: ITP: jaxrpc-api -- Java API for XML based RPC (JAX-RPC)
Next by thread: Re: Salsa token and privacy
Index(es):
- Date
- Thread