PhilflowIO/tsdav

Feature: Init wizard should store credentials in .env file

Open

#23 opened on 2025年11月5日

GitHub で見る
 (0 comments) (0 reactions) (0 assignees)TypeScript (0 forks)auto 404
enhancementgood first issue

Repository metrics

Stars
 (0 stars)
PR merge metrics
 (PR metrics pending)

説明

Feature: Init wizard should store credentials in .env file

Problem

Currently, the init command creates a configuration file with credentials stored in plaintext:

{
  "source": {
    "credentials": {
      "username": "my-username",
      "password": "my-secret-password"
    }
  }
}

Issues with this approach:

  • ❌ Passwords visible in plaintext JSON files
  • ❌ Risk of accidentally committing credentials to version control
  • ❌ Not following industry best practices
  • ❌ Poor DX when sharing configs across teams

Proposed Solution

The init wizard should automatically create two files:

1. .env file (contains actual credentials)

SOURCE_USERNAME=my-username
SOURCE_PASSWORD=my-secret-password
TARGET_USERNAME=target-user
TARGET_PASSWORD=target-password

2. Config JSON (contains references)

{
  "source": {
    "credentials": {
      "username": "env:SOURCE_USERNAME",
      "password": "env:SOURCE_PASSWORD"
    }
  }
}

Implementation Details

Changes to init.ts:

  1. Collect credentials during wizard

    • Use inquirer with type: 'password' for hidden input
  2. Write to .env file

    const envContent = `
    # Source Provider Credentials
    SOURCE_USERNAME=${sourceUsername}
    SOURCE_PASSWORD=${sourcePassword}
    
    # Target Provider Credentials
    TARGET_USERNAME=${targetUsername}
    TARGET_PASSWORD=${targetPassword}
    `.trim();
    
    fs.writeFileSync('.env', envContent);
    
  3. Generate config with env references

    const config = {
      source: {
        credentials: {
          username: 'env:SOURCE_USERNAME',
          password: 'env:SOURCE_PASSWORD'
        }
      }
    };
    
  4. Update .gitignore

    • Add .env if not already present
    • Show warning to user
  5. Create .env.template

    # Copy this to .env and fill in your credentials
    SOURCE_USERNAME=
    SOURCE_PASSWORD=
    TARGET_USERNAME=
    TARGET_PASSWORD=
    

User Feedback:

✓ Configuration saved to: my-migration.json
✓ Credentials saved to: .env

⚠️  Important: Never commit .env to version control!
    The .env file has been added to .gitignore.

💡 Tip: Share .env.template with your team (without credentials)

Benefits

Security: Credentials never stored in JSON config ✅ Git-safe: .env automatically ignored ✅ Industry standard: Follows practices used by Next.js, Prisma, Supabase ✅ Team-friendly: Each developer has their own .envDX improvement: One-time credential entry

Examples from Other Tools

Next.js:

npx create-next-app
# Creates: .env.local

Prisma:

prisma init
# Creates: .env with DATABASE_URL

Supabase:

supabase init
# Creates: .env with API keys

Alternative Considered

Keep current behavior but add a --use-env flag:

dav-migrate init --use-env

However, this makes the secure approach opt-in rather than default, which is less ideal.

Suggested Labels

  • enhancement
  • security
  • cli
  • good first issue

コントリビューターガイド