Sensitive settings such as API keys or credentials for external services (MT providers, etc.) have been traditionally set on the command line, as OmegaT did not have a way to store them securely.
There is now a CredentialsManager class that can store such settings with encryption.
Upon first storing a credential, the user will be prompted to set a "master password", which serves as an encryption key. The default (and most secure) path does not store the master password on disk, so the user will have to re-enter it on every launch of OmegaT.
The user can optionally "skip" setting the master password, in which case a random password is generated and stored to disk. The user will not be prompted on subsequent launches, but this is less secure as the encryption key is readily available to attackers.
The Secure Storage preferences view allows the user to check the status of the master password and to reset it. Resetting the master password makes all stored encrypted values inaccessible (they are not erased, but they are treated by the program as nonexistent).
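The master-password behaviour described above, sketched as an added example that is not OmegaT's own code: a key is derived from the master password, each value is encrypted under it, and a value encrypted under a previous master password is reported as absent rather than deleted. The class and method names, the PBKDF2 and AES-GCM choice, the iteration count and the stored layout are all assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;

// Hypothetical demo, not OmegaT code. PBKDF2 + AES-GCM and all names are assumptions.
public class MasterPasswordDemo {
    static final SecureRandom RNG = new SecureRandom();
    // Derive a 128-bit AES key from the master password and a per-value random salt.
    static SecretKeySpec deriveKey(char[] master, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(master, salt, 210_000, 128);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
    }

    // Stored form: Base64(salt[16] || iv[12] || ciphertext with 16-byte GCM tag).
    static String encrypt(char[] master, String secret) throws GeneralSecurityException {
        byte[] salt = new byte[16], iv = new byte[12];
        RNG.nextBytes(salt);
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(master, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(secret.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(28 + ct.length).put(salt).put(iv).put(ct).array();
        return Base64.getEncoder().encodeToString(out);
    }

    // A wrong key fails the GCM tag check; the caller sees "no value" although the bytes remain.
    static Optional<String> decrypt(char[] master, String stored) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(master, Arrays.copyOfRange(in, 0, 16)),
                new GCMParameterSpec(128, in, 16, 12));
        try {
            return Optional.of(new String(c.doFinal(in, 28, in.length - 28), StandardCharsets.UTF_8));
        } catch (AEADBadTagException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] master = "constructed master password".toCharArray(); // constructed sample input
        String stored = encrypt(master, "constructed-api-key");
        System.out.println(decrypt(master, stored).isPresent());
        // Simulated reset: the old ciphertext is kept but no longer decrypts.
        System.out.println(decrypt("new master password".toCharArray(), stored).isPresent());
    }
}
```

In this sketch, the "skip" path would call the same functions with a randomly generated password saved next to the ciphertext, so anyone able to read both files can rebuild the key.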
Implemented in trunk, r9437.
Implemented in the released version 4.1 of OmegaT.
Didier