fix(login): Deprecate CLI token #15057
This came up in rust-lang#13623 to avoid putting tokens into shell history.
r? @weihanglo rustbot has assigned @weihanglo. Use |
47af6dc to 5f93571
This looks good to me. Have we had any consensus or FCP for this change?
I do not believe we've discussed this as a team yet. Open to FCP or team meeting discussion.
FWIW I've seen @woodruffw use https://developer.1password.com/docs/cli/reference/commands/read/ to use command line options like this in a seemingly safe way. I wonder if we really need to deprecate this option, or if a strong warning in the documentation/help text would be sufficient. Though to be fair, this is probably irrelevant for the
Do you suggest keeping doc/helptext for discoverable reasons? I am fine with that as well :)
I feel like |
Yep, I frequently use that or similar (e.g. Ultimately, passing secrets between processes without an actual authenticated IPC channel/system secret manager is pretty difficult to do in a completely secure way 😅 -- even IMO it'd be reasonable to nudge users towards providing tokens via |
To clarify, because of the stability guarantee Cargo cannot remove the flag (see #13623 (comment)). Deprecation here means, well, a big warning 😆.
Ah, sorry for the confusion! I badly misread the diff as actually removing the positional, not merely hiding it 😅
I wasn't aware either that the plan is not to remove the flag. The word "deprecated" to me means that it would go away in a future version. I think I would personally prefer the second option mentioned in #13623 (comment):
696a577 to 0e8578b
@rfcbot fcp merge This PR deprecates the optional
Folks, take your time to check in boxes. This is not an urgent FCP.
Team member @weihanglo has proposed to merge this. The next step is review by the rest of the tagged team members: No concerns currently listed. Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for info about what commands tagged team members can give me.
Useful change. LGTM
🔔 This is now entering its final comment period, as per the review above. 🔔
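The deprecation pattern discussed in this thread, where the positional `<token>` stays accepted but triggers a warning and the token is otherwise read from stdin (which `cargo login` does when no token argument is given), shown as an added Rust sketch that is not Cargo's code and not part of the conversation. `resolve_token`, `TokenSource`, `Resolved` and the warning wording are hypothetical, and the sample token is constructed.

```rust
use std::io::{self, BufRead};

#[derive(Debug, PartialEq)]
enum TokenSource {
    Argv,  // deprecated path: the value ends up in shell history
    Stdin, // preferred path: the value is never part of the command line
}

#[derive(Debug)]
struct Resolved {
    token: String,
    source: TokenSource,
    warnings: Vec<String>,
}

/// `positional` is the optional <token> argument; `stdin` is any line reader.
fn resolve_token<R: BufRead>(positional: Option<&str>, mut stdin: R) -> io::Result<Resolved> {
    let mut warnings = Vec::new();
    let (raw, source) = match positional {
        Some(t) => {
            // Still accepted for compatibility. The warning (hypothetical
            // wording) never echoes the secret itself.
            warnings.push(
                "passing <token> as an argument is deprecated; provide it on stdin".to_string(),
            );
            (t.to_string(), TokenSource::Argv)
        }
        None => {
            let mut line = String::new();
            stdin.read_line(&mut line)?;
            (line, TokenSource::Stdin)
        }
    };
    let token = raw.trim().to_string();
    if token.is_empty() {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "no token provided"));
    }
    Ok(Resolved { token, source, warnings })
}

fn main() -> io::Result<()> {
    // Constructed sample input standing in for a token piped from a secret manager.
    let r = resolve_token(None, "constructed-sample-token\n".as_bytes())?;
    for w in &r.warnings {
        eprintln!("warning: {w}");
    }
    println!("token accepted from {:?} ({} bytes)", r.source, r.token.len());
    Ok(())
}
```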
Update cargo

11 commits in cecde95c119a456c30e57d3e4b31fff5a7d83df4..776129a2b93928a67ec4c2f8e5bc3cfeb5bc06cd
2025-01-24 17:15:24 +0000 to 2025-01-30 15:34:14 +0000
- Don't suggest `cargo login` when using incompatible credental providers (rust-lang/cargo#15124)
- chore: Update clap_complete (rust-lang/cargo#15121)
- Move the changelog to the cargo book (rust-lang/cargo#15119)
- Conditionally mark the `test` cfg as a well known cfg (rust-lang/cargo#15007)
- fix broken links in the Cargo book (rust-lang/cargo#15109)
- Fix a typo and touch up documentation (rust-lang/cargo#15108)
- Fix shared_std_dependency_rebuild running on Windows (rust-lang/cargo#15111)
- Fix warnings on Windows (rust-lang/cargo#15112)
- fix(login): Deprecate CLI token (rust-lang/cargo#15057)
- Update tests to fix nightly errors (rust-lang/cargo#15110)
- Fix comment on Ord for SourceId (rust-lang/cargo#15103)

Update cargo

try-job: dist-aarch64-linux

11 commits in cecde95c119a456c30e57d3e4b31fff5a7d83df4..776129a2b93928a67ec4c2f8e5bc3cfeb5bc06cd
2025-01-24 17:15:24 +0000 to 2025-01-30 15:34:14 +0000
- Don't suggest `cargo login` when using incompatible credental providers (rust-lang/cargo#15124)
- chore: Update clap_complete (rust-lang/cargo#15121)
- Move the changelog to the cargo book (rust-lang/cargo#15119)
- Conditionally mark the `test` cfg as a well known cfg (rust-lang/cargo#15007)
- fix broken links in the Cargo book (rust-lang/cargo#15109)
- Fix a typo and touch up documentation (rust-lang/cargo#15108)
- Fix shared_std_dependency_rebuild running on Windows (rust-lang/cargo#15111)
- Fix warnings on Windows (rust-lang/cargo#15112)
- fix(login): Deprecate CLI token (rust-lang/cargo#15057)
- Update tests to fix nightly errors (rust-lang/cargo#15110)
- Fix comment on Ord for SourceId (rust-lang/cargo#15103)

Update cargo

12 commits in cecde95c119a456c30e57d3e4b31fff5a7d83df4..0e3d73849ab8cbbab3ec5c65cbd555586cb21339
2025-01-24 17:15:24 +0000 to 2025-02-01 20:14:40 +0000
- Revert "Conditionally mark the `test` cfg as a well known cfg (rust-lang/cargo#15007)" (rust-lang/cargo#15132)
- Don't suggest `cargo login` when using incompatible credental providers (rust-lang/cargo#15124)
- chore: Update clap_complete (rust-lang/cargo#15121)
- Move the changelog to the cargo book (rust-lang/cargo#15119)
- Conditionally mark the `test` cfg as a well known cfg (rust-lang/cargo#15007)
- fix broken links in the Cargo book (rust-lang/cargo#15109)
- Fix a typo and touch up documentation (rust-lang/cargo#15108)
- Fix shared_std_dependency_rebuild running on Windows (rust-lang/cargo#15111)
- Fix warnings on Windows (rust-lang/cargo#15112)
- fix(login): Deprecate CLI token (rust-lang/cargo#15057)
- Update tests to fix nightly errors (rust-lang/cargo#15110)
- Fix comment on Ord for SourceId (rust-lang/cargo#15103)
Upstream changes relative to 1.85.1:

Version 1.86.0 (2025-04-03)
==========================

Language
--------
- [Stabilize upcasting trait objects to supertraits.](rust-lang/rust#134367)
- [Allow safe functions to be marked with the `#[target_feature]` attribute.](rust-lang/rust#134090)
- [The `missing_abi` lint now warns-by-default.](rust-lang/rust#132397)
- Rust now lints about double negations, to catch cases that might have intended to be a prefix decrement operator (`--x`) as written in other languages. This was previously a clippy lint, `clippy::double_neg`, and is [now available directly in Rust as `double_negations`.](rust-lang/rust#126604)
- [More pointers are now detected as definitely not-null based on their alignment in const eval.](rust-lang/rust#133700)
- [Empty `repr()` attribute applied to invalid items are now correctly rejected.](rust-lang/rust#133925)
- [Inner attributes `#![test]` and `#![rustfmt::skip]` are no longer accepted in more places than intended.](rust-lang/rust#134276)

Compiler
--------
- [Debug-assert that raw pointers are non-null on access.](rust-lang/rust#134424)
- [Change `-O` to mean `-C opt-level=3` instead of `-C opt-level=2` to match Cargo's defaults.](rust-lang/rust#135439)
- [Fix emission of `overflowing_literals` under certain macro environments.](rust-lang/rust#136393)

Platform Support
----------------
- [Replace `i686-unknown-redox` target with `i586-unknown-redox`.](rust-lang/rust#136698)
- [Increase baseline CPU of `i686-unknown-hurd-gnu` to Pentium 4.](rust-lang/rust#136700)
- New tier 3 targets:
  - [`{aarch64-unknown,x86_64-pc}-nto-qnx710_iosock`](rust-lang/rust#133631). For supporting Neutrino QNX 7.1 with `io-socket` network stack.
  - [`{aarch64-unknown,x86_64-pc}-nto-qnx800`](rust-lang/rust#133631). For supporting Neutrino QNX 8.0 (`no_std`-only).
  - [`{x86_64,i686}-win7-windows-gnu`](rust-lang/rust#134609). Intended for backwards compatibility with Windows 7. `{x86_64,i686}-win7-windows-msvc` are the Windows MSVC counterparts that already exist as Tier 3 targets.
  - [`amdgcn-amd-amdhsa`](rust-lang/rust#134740).
  - [`x86_64-pc-cygwin`](rust-lang/rust#134999).
  - [`{mips,mipsel}-mti-none-elf`](rust-lang/rust#135074). Initial bare-metal support.
  - [`m68k-unknown-none-elf`](rust-lang/rust#135085).
  - [`armv7a-nuttx-{eabi,eabihf}`, `aarch64-unknown-nuttx`, and `thumbv7a-nuttx-{eabi,eabihf}`](rust-lang/rust#135757).

Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support.

Libraries
---------
- The type of `FromBytesWithNulError` in `CStr::from_bytes_with_nul(bytes: &[u8]) -> Result<&Self, FromBytesWithNulError>` was [changed from an opaque struct to an enum](rust-lang/rust#134143), allowing users to examine why the conversion failed.
- [Remove `RustcDecodable` and `RustcEncodable`.](rust-lang/rust#134272)
- [Deprecate libtest's `--logfile` option.](rust-lang/rust#134283)
- [On recent versions of Windows, `std::fs::remove_file` will now remove read-only files.](rust-lang/rust#134679)

Stabilized APIs
---------------
- [`{float}::next_down`](https://doc.rust-lang.org/stable/std/primitive.f64.html#method.next_down)
- [`{float}::next_up`](https://doc.rust-lang.org/stable/std/primitive.f64.html#method.next_up)
- [`<[_]>::get_disjoint_mut`](https://doc.rust-lang.org/stable/std/primitive.slice.html#method.get_disjoint_mut)
- [`<[_]>::get_disjoint_unchecked_mut`](https://doc.rust-lang.org/stable/std/primitive.slice.html#method.get_disjoint_unchecked_mut)
- [`slice::GetDisjointMutError`](https://doc.rust-lang.org/stable/std/slice/enum.GetDisjointMutError.html)
- [`HashMap::get_disjoint_mut`](https://doc.rust-lang.org/std/collections/hash_map/struct.HashMap.html#method.get_disjoint_mut)
- [`HashMap::get_disjoint_unchecked_mut`](https://doc.rust-lang.org/std/collections/hash_map/struct.HashMap.html#method.get_disjoint_unchecked_mut)
- [`NonZero::count_ones`](https://doc.rust-lang.org/stable/std/num/struct.NonZero.html#method.count_ones)
- [`Vec::pop_if`](https://doc.rust-lang.org/std/vec/struct.Vec.html#method.pop_if)
- [`sync::Once::wait`](https://doc.rust-lang.org/stable/std/sync/struct.Once.html#method.wait)
- [`sync::Once::wait_force`](https://doc.rust-lang.org/stable/std/sync/struct.Once.html#method.wait_force)
- [`sync::OnceLock::wait`](https://doc.rust-lang.org/stable/std/sync/struct.OnceLock.html#method.wait)

These APIs are now stable in const contexts:
- [`hint::black_box`](https://doc.rust-lang.org/stable/std/hint/fn.black_box.html)
- [`io::Cursor::get_mut`](https://doc.rust-lang.org/stable/std/io/struct.Cursor.html#method.get_mut)
- [`io::Cursor::set_position`](https://doc.rust-lang.org/stable/std/io/struct.Cursor.html#method.set_position)
- [`str::is_char_boundary`](https://doc.rust-lang.org/stable/std/primitive.str.html#method.is_char_boundary)
- [`str::split_at`](https://doc.rust-lang.org/stable/std/primitive.str.html#method.split_at)
- [`str::split_at_checked`](https://doc.rust-lang.org/stable/std/primitive.str.html#method.split_at_checked)
- [`str::split_at_mut`](https://doc.rust-lang.org/stable/std/primitive.str.html#method.split_at_mut)
- [`str::split_at_mut_checked`](https://doc.rust-lang.org/stable/std/primitive.str.html#method.split_at_mut_checked)

Cargo
-----
- [When merging, replace rather than combine configuration keys that refer to a program path and its arguments.](rust-lang/cargo#15066)
- [Error if both `--package` and `--workspace` are passed but the requested package is missing.](rust-lang/cargo#15071) This was previously silently ignored, which was considered a bug since missing packages should be reported.
- [Deprecate the token argument in `cargo login` to avoid shell history leaks.](rust-lang/cargo#15057)
- [Simplify the implementation of `SourceID` comparisons.](rust-lang/cargo#14980) This may potentially change behavior if the canonicalized URL compares differently in alternative registries.

Rustdoc
-----
- [Add a sans-serif font setting.](rust-lang/rust#133636)

Compatibility Notes
-------------------
- [The `wasm_c_abi` future compatibility warning is now a hard error.](rust-lang/rust#133951) Users of `wasm-bindgen` should upgrade to at least version 0.2.89, otherwise compilation will fail.
- [Remove long-deprecated no-op attributes `#![no_start]` and `#![crate_id]`.](rust-lang/rust#134300)
- [The future incompatibility lint `cenum_impl_drop_cast` has been made into a hard error.](rust-lang/rust#135964) This means it is now an error to cast a field-less enum to an integer if the enum implements `Drop`.
- [SSE2 is now required for "i686" 32-bit x86 hard-float targets; disabling it causes a warning that will become a hard error eventually.](rust-lang/rust#137037) To compile for pre-SSE2 32-bit x86, use a "i586" target instead.

Internal Changes
----------------
These changes do not affect any public interfaces of Rust, but they represent significant improvements to the performance or internals of rustc and related tools.

- [Build the rustc on AArch64 Linux with ThinLTO + PGO.](rust-lang/rust#133807) The ARM 64-bit compiler (AArch64) on Linux is now optimized with ThinLTO and PGO, similar to the optimizations we have already performed for the x86-64 compiler on Linux. This should make it up to 30% faster.
What does this PR try to resolve?
This came up in #13623 to avoid putting tokens into shell history.
How should we test and review this PR?
The exact approach to deprecation can vary
<token>
in at least some docs for discovery (most likely the man page) etc
I also suspect we could reorganize `cargo help login` but wanted to decouple that from this change.
Additional information