[GH-ISSUE #268] Auth: Add cleanup for temporary private key files #82

Closed
opened 2026-02-26 21:33:15 +03:00 by kerem · 1 comment
Owner

Originally created by @rudrankriyam on GitHub (Jan 28, 2026).
Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/268

Problem

When users provide inline private keys via ASC_PRIVATE_KEY or ASC_PRIVATE_KEY_B64 environment variables, the CLI writes these to temporary files in /tmp/asc-key-*.p8. The path is stored in the module-level variable privateKeyTempPath in cmd/shared.go, but there is no cleanup mechanism.

This creates two risks:

  1. If the process crashes or is killed, the temporary key file remains on disk
  2. Long-running processes or daemon-style usage could accumulate orphaned key files
  3. While the file is created with 0o600 permissions, /tmp is a shared directory and the file persists longer than necessary

Affected Code

  • cmd/shared.go:274-292 - The resolveEnvCredentials function creates the temp file
  • cmd/shared.go:38 - The privateKeyTempPath module-level variable stores the path but is never used for cleanup

Proposed Solution

  1. Register a cleanup function using defer or an atexit-style handler that removes the temporary file when the CLI exits
  2. Consider using os.CreateTemp with a more restricted parent directory if available
  3. Add a cleanup call in the main function or use a sync.Once pattern to ensure cleanup happens exactly once

Example implementation:

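```go
import (
    "os"
    "sync"
)

var cleanupOnce sync.Once

// cleanupTempKeyFile removes the temporary key file, at most once.
// privateKeyTempPath is the module-level variable in cmd/shared.go.
func cleanupTempKeyFile() {
    cleanupOnce.Do(func() {
        if privateKeyTempPath != "" {
            os.Remove(privateKeyTempPath)
        }
    })
}

func main() {
    // Call in main or use signal handlers
    defer cleanupTempKeyFile()
}
```

  4. Optionally, register signal handlers for SIGINT/SIGTERM to ensure cleanup on interrupt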

Acceptance Criteria

  • Temporary key files are removed when the CLI exits normally
  • Temporary key files are removed when the CLI receives SIGINT or SIGTERM
  • No key files remain in /tmp after CLI execution completes
  • Add a test that verifies temp file cleanup
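
One way to meet the acceptance criteria above, as an added example that is not part of the original issue or the project's code: the key goes into a private directory made with `os.MkdirTemp`, and the same idempotent cleanup runs on normal return and on SIGINT/SIGTERM. The names `writeTempKey` and `cleanupOnSignal`, the `key.p8` filename and the injectable `exit` parameter are assumptions made for illustration.

```go
package main

import (
	"os"
	"os/signal"
	"path/filepath"
	"sync"
	"syscall"
)

// Hypothetical helpers for illustration; none of these names come from the CLI.

// writeTempKey writes key into a fresh private directory (os.MkdirTemp uses
// mode 0700) and returns the file path plus an idempotent cleanup function.
func writeTempKey(key []byte) (string, func(), error) {
	dir, err := os.MkdirTemp("", "asc-key-")
	if err != nil {
		return "", nil, err
	}
	var once sync.Once
	cleanup := func() { once.Do(func() { os.RemoveAll(dir) }) }
	path := filepath.Join(dir, "key.p8")
	if err := os.WriteFile(path, key, 0o600); err != nil {
		cleanup()
		return "", nil, err
	}
	return path, cleanup, nil
}

// cleanupOnSignal runs cleanup on SIGINT/SIGTERM, then calls exit with
// 128+signal number; exit is a parameter so a test can observe the call.
func cleanupOnSignal(cleanup func(), exit func(int)) {
	ch := make(chan os.Signal, 1)
	signal.Notify(ch, syscall.SIGINT, syscall.SIGTERM)
	go func() {
		sig := <-ch
		cleanup()
		exit(128 + int(sig.(syscall.Signal)))
	}()
}

func main() {
	_, cleanup, err := writeTempKey([]byte("constructed placeholder, not a real key\n"))
	if err != nil {
		panic(err)
	}
	defer cleanup() // runs on normal return; os.Exit and SIGKILL skip defers
	cleanupOnSignal(cleanup, os.Exit)
}
```

A SIGKILL or a crash still leaves the file behind, since no handler runs in those cases.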
kerem closed this issue 2026-02-26 21:33:15 +03:00
Author
Owner

@rudrankriyam commented on GitHub (Jan 28, 2026):

Closing per request. Reopen if any auth issues remain.
