From a57449dcd2abe1fa5dae195470fccc9a9a398e04 Mon Sep 17 00:00:00 2001 From: Daniel Mueller Date: Sun, 26 May 2019 22:11:36 -0700 Subject: Allow for disabling of secret caching So far we have cached secrets in gpg-agent(1) whenever that made sense to do (i.e., for the two PINs in most contexts but not for passwords). While there is reason to believe that such caching is desired by the majority of users, not everybody has a use for it. To give users an opportunity to opt out of such caching, this change introduces a new environment variable, NITROCLI_NO_CACHE, that, when present in the environment, instructs the program to bypass the cache for all operations that require a secret and to instead inquire such secrets each time they are needed. --- nitrocli/src/main.rs | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'nitrocli/src/main.rs') diff --git a/nitrocli/src/main.rs b/nitrocli/src/main.rs index 1629167..5cb3faf 100644 --- a/nitrocli/src/main.rs +++ b/nitrocli/src/main.rs @@ -102,6 +102,7 @@ const NITROCLI_USER_PIN: &str = "NITROCLI_USER_PIN"; const NITROCLI_NEW_ADMIN_PIN: &str = "NITROCLI_NEW_ADMIN_PIN"; const NITROCLI_NEW_USER_PIN: &str = "NITROCLI_NEW_USER_PIN"; const NITROCLI_PASSWORD: &str = "NITROCLI_PASSWORD"; +const NITROCLI_NO_CACHE: &str = "NITROCLI_NO_CACHE"; /// The context used when running the program. pub(crate) struct RunCtx<'io> { @@ -123,6 +124,8 @@ pub(crate) struct RunCtx<'io> { pub new_user_pin: Option, /// A password used by some commands, if provided through an environment variable. pub password: Option, + /// Whether to bypass the cache for all secrets or not. + pub no_cache: bool, } fn run<'ctx, 'io: 'ctx>(ctx: &'ctx mut RunCtx<'io>, args: Vec) -> i32 { @@ -157,6 +160,7 @@ fn main() { new_admin_pin: env::var_os(NITROCLI_NEW_ADMIN_PIN), new_user_pin: env::var_os(NITROCLI_NEW_USER_PIN), password: env::var_os(NITROCLI_PASSWORD), + no_cache: env::var_os(NITROCLI_NO_CACHE).is_some(), }; let rc = run(ctx, args); -- cgit v1.2.1