How to securely store OAuth2 “ClientID” and “Client Secret” in a bash script?












I was writing a bash script for Gmail that would authorize itself using OAuth2, and make API calls using the received tokens. It worked.

But I'm in a dilemma concerning how to store the ClientID and Client Secret of my application, because my scripts are open source and on GitHub. They are necessary for the authorization process and I can't think of a way to store them.

A workaround which I've thought of is to ask the users to generate their own OAuth2 credentials and fill them in the program or source them as bash variables. But this doesn't satisfy me since I want my script to behave as a full-fledged application, that is, users from anywhere in the world should use the same pair of ClientID and Client Secret. That way I'll be able to monitor my script's usage using the API console.

Is it possible to do so?










bash shell-script security api gmail






asked 10 mins ago by Utkarsh Verma
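
Added example, not part of the original post: one way to implement the workaround the question describes, where each user supplies their own OAuth2 credentials and the published script contains none. It reads the values from the environment or from an owner-only file and parses that file instead of sourcing it. The names `GMAIL_CLIENT_ID`, `GMAIL_CLIENT_SECRET`, `load_oauth_credentials` and the config path are assumptions.

```bash
#!/usr/bin/env bash
# Added example: names and paths are assumptions, not from the original post.
# Credentials come from each user's environment or private file, so nothing
# secret is committed to the public repository.
CRED_FILE_DEFAULT="${XDG_CONFIG_HOME:-$HOME/.config}/gmail-script/credentials"

# load_oauth_credentials [FILE]: sets CLIENT_ID and CLIENT_SECRET.
# Returns 1 (no usable file), 2 (unsafe permissions), 3 (missing keys).
load_oauth_credentials() {
    local file="${1:-$CRED_FILE_DEFAULT}" key value mode

    # Environment variables take precedence (one-off runs, CI).
    if [ -n "${GMAIL_CLIENT_ID:-}" ] && [ -n "${GMAIL_CLIENT_SECRET:-}" ]; then
        CLIENT_ID=$GMAIL_CLIENT_ID
        CLIENT_SECRET=$GMAIL_CLIENT_SECRET
        return 0
    fi

    # Require a regular, non-symlink file that only its owner can access.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "no credentials file at $file (or it is a symlink)" >&2
        return 1
    fi
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file") || return 1
    case "$mode" in
        600|400) ;;
        *) echo "refusing $file: mode $mode, run: chmod 600 '$file'" >&2
           return 2 ;;
    esac

    # Parse KEY=value lines rather than source-ing the file, so its
    # contents are never executed as shell code.
    CLIENT_ID='' CLIENT_SECRET=''
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            GMAIL_CLIENT_ID)     CLIENT_ID=$value ;;
            GMAIL_CLIENT_SECRET) CLIENT_SECRET=$value ;;
        esac
    done < "$file"

    if [ -z "$CLIENT_ID" ] || [ -z "$CLIENT_SECRET" ]; then
        echo "GMAIL_CLIENT_ID or GMAIL_CLIENT_SECRET missing in $file" >&2
        return 3
    fi
}
```

Adding the credentials file name to `.gitignore` keeps a user's copy from being committed by accident.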
