Why ~/.netrc?

[mitchellwrosen]

Hi folks, I'm curious why there is a requirement to store hackage credentials in plaintext in a ~/.netrc file in order to use this tool.

By comparison, travis-ci has a command-line tool that can encrypt arbitrary data like environment variables, using some hard-coded public keys owned by travis-ci.com, which allows you to store secrets in public .travis.yml files.

[phadej]

You don't store your ~/.aws/credentials publicly either, do you?

[phadej]

edit: it would be nice if operating systems provided easy way to interact with their built-in keychains. But I haven't found that easy.

[phadej]

@hvr pointed on IRC that there's a convention to use ~/.netrc.gpg https://bryanwweber.com/writing/personal/2016/01/01/how-to-set-up-an-encrypted-netrc-file-with-gpg-for-github-2fa-access/

I can implement that feature, I have done something similar already for myself before.

[hvriedel]

This is being addressed by #12

[amigalemming]

cabal upload asks for the password if not stored in .cabal/config. I'd prefer this behaviour for hackage-cli, too. That is, if password is missing in .netrc then haskage-cli should ask for it on the command line.