gptel-gh: Change how tokens are managed #1058
Conversation
marcus-lundgren
force-pushed
the
gh-change-token-management
branch
from
68b1fc9 to
76a1010
Compare
|
@karthink - Do you have any input in how you imagine the workflow to be for this API regarding the GitHub token? With the changes made just recently to present the login function, is it reasonable to have a workflow to perform that in order to get the token that can then be stored elsewhere? |
|
@karthink - Do you have any input in how you imagine the workflow to be for this API regarding the GitHub token?
With the changes made just recently to present the login function, is it reasonable to have a workflow to perform that in order to get the token that can then be stored elsewhere?
Sorry, I haven't looked at this PR yet. I also don't use Copilot so let's hear from @kiennq (the author of gptel-gh) on the proposed changes.
|
Removed the file based persistent storage of the tokens, as they were stored in clear text. They will only be stored in variables. The initial value of the github-token can now be set by providing a function that provides it. This enables this token to be securely stored outside of Emacs.
(float-time) will implicitly use (current-time) if the argument is not specified.
marcus-lundgren
force-pushed
the
gh-change-token-management
branch
from
b31c107 to
7fa9017
Compare
|
@kiennq - A friendly reminder about this PR :) |
|
Sorry for the late reply. Can you add a default/example for |
|
Thanks for your reply, @kiennq! This is what I am currently using: (use-package gptel
:defer t
:config (setq
gptel-backend (gptel-make-gh-copilot "Copilot"
:github-token-init (lambda () (read-passwd "Copilot token: "))))
)I store my token in a password manager, so I use With the current implementation in this PR, the login function is not able to persistently store the newly acquired token. The new token is only stored in a variable and I take the it from the message log, which is not an ideal scenario and hence my request for feedback earlier. Another approach could be to introduce load and save functions that can be given as parameters to Before making the changes in gptel itself, I used the code below as a patch to control how the token was stored. This also has the behavior of only requesting the token once. As you may notice, the logic for the chat message token was kept, but this was before me realising that that is also a thing to keep secret. (use-package gptel
:config
(progn
(defvar my/gh-token nil "Store the Copilot token for GPTel commands.")
(defalias 'original-gptel--gh-save (symbol-function 'gptel--gh-save))
(defalias 'original-gptel--gh-restore (symbol-function 'gptel--gh-restore))
(defun gptel--gh-restore (file)
(if (equal file gptel-gh-github-token-file)
(if my/gh-token
my/gh-token
(progn
(setq my/gh-token
(let ((token (read-passwd "Copilot token: ")))
(if (string= "" token) nil token)))
my/gh-token))
(original-gptel--gh-restore file)))
(defun gptel--gh-save (file obj)
(message "New GH token: %s" obj)
(if (equal file gptel-gh-github-token-file)
(setq my/gh-token obj)
(original-gptel--gh-save file obj))))) |
Removed the file based persistent storage of the tokens, as they were stored in clear text. They will only be stored in variables.
The initial value of the github-token can now be set by providing a function that provides it. This enables this token to be securely stored outside of Emacs.