| ▲ | madeofpalk 8 hours ago | |
You're sure you don't have something lying around in ~/.config ? Until recently the github cli would just save its refresh token as a plain text file. AWS CLI loves to have secrets sitting around in a file https://docs.aws.amazon.com/cli/latest/userguide/cli-configu... | ||
| ▲ | diggan 8 hours ago | parent [-] | |
I don't use AWS and looking in ~/.config/gh I see two config files, no plain-text secrets. With that said, it's not impossible some tool leaks their secrets into ~/.local, ~/.cache or ~/.config I suppose. I thought they were referencing the common approach of adding environment variables with plaintext secrets to your shell config or as an individual file in $HOME, which been a big no-no for as long as I can remember. I guess I'd reword it to "I'm not manually putting any cleartext secrets on disk" or something instead, if we wanted it to be 100% accurate. | ||