I'm trying to build a TUI that would use go-librespot to actually play the songs.
When i was tring to figure out how to pass credentials from my TUI to go-librespot i noticed the project stores the credentials in a plain json file.
Furthermore, we have an option in the config file use uses plain txt access token for auth.
I feel like this is a security risk
we should try storing the creds in the OS keyring before falling back to storing them in a file.
I would be willing to work on this if the maintainers are alligned
What do you guys think?
I'm trying to build a TUI that would use go-librespot to actually play the songs.
When i was tring to figure out how to pass credentials from my TUI to
go-librespoti noticed the project stores the credentials in a plain json file.Furthermore, we have an option in the config file use uses plain txt access token for auth.
I feel like this is a security risk
we should try storing the creds in the OS keyring before falling back to storing them in a file.
I would be willing to work on this if the maintainers are alligned
What do you guys think?