[GH-ISSUE #271] Auth: Show explicit storage location in auth status output #86

Closed
opened 2026-02-26 21:33:16 +03:00 by kerem · 1 comment
Owner

Originally created by @rudrankriyam on GitHub (Jan 28, 2026).
Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/271

Problem

When the system keychain is unavailable, the CLI silently falls back to storing credentials in the config file at ~/.asc/config.json. Users may believe their credentials are secured in the system keychain when they are actually stored in a plain JSON file. The auth status command does not clearly indicate which storage backend is being used.

This silent fallback behavior is defined in internal/auth/keychain.go:250-288:

```go
credentials, err := listFromKeychain()
if err == nil {
    return credentials, nil
}
if !isKeyringUnavailable(err) {
    return nil, err
}
return listFromConfig()  // Silent fallback
```

Affected Code

  • internal/auth/keychain.go:250-288 - The ListCredentials function with silent fallback
  • cmd/auth.go:320-356 - The auth status command output formatting

Proposed Solution

  1. Modify auth status to explicitly show the storage backend being used
  2. Add a warning when falling back from keychain to config file
  3. Show the storage location in both login confirmation and status output

Example improved auth status output:

```
Credential Storage: System Keychain (secure)
  Location: login keychain

Active Profile: default
  Key ID: ABC123DEF
  Issuer ID: 12345678-1234-1234-1234-123456789012
  Private Key: /path/to/key.p8
```

Or when using config file fallback:

```
Credential Storage: Config File (less secure)
  Location: /Users/username/.asc/config.json
  Warning: System keychain unavailable. Credentials stored in plain text.

Active Profile: default
  ...
```

  4. During auth login, inform users where credentials will be stored before saving

Acceptance Criteria

  • auth status shows the storage backend type (keychain or config file)
  • auth status shows the storage location path
  • Warning is displayed when using config file fallback
  • auth login confirms storage location before saving
  • Add a --verbose flag to show additional storage details
  • Add tests for storage location output
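
An added Go example, not part of the original issue or the project's code: one way to make the fallback visible is to return the storage backend alongside the credentials, so `auth status` can print it. `StorageInfo`, `listWithStorage`, `formatStorage` and `errKeyringUnavailable` are hypothetical names, and the two loader functions are passed in as stand-ins for `listFromKeychain` and `listFromConfig`.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed sentinel standing in for what isKeyringUnavailable matches (assumption).
var errKeyringUnavailable = errors.New("keyring unavailable")

// StorageInfo (hypothetical) records which backend actually served the request.
type StorageInfo struct {
	Backend  string // "System Keychain" or "Config File"
	Location string // keychain name or config file path
	Warning  string // non-empty only when the fallback was taken
}

// listWithStorage keeps the fallback from the issue but reports it to the caller.
func listWithStorage(keychain, config func() ([]string, error), configPath string) ([]string, StorageInfo, error) {
	creds, err := keychain()
	if err == nil {
		return creds, StorageInfo{Backend: "System Keychain", Location: "login keychain"}, nil
	}
	if !errors.Is(err, errKeyringUnavailable) {
		return nil, StorageInfo{}, err // genuine keychain error: never downgrade
	}
	creds, err = config()
	warn := "System keychain unavailable. Credentials stored in plain text."
	return creds, StorageInfo{Backend: "Config File", Location: configPath, Warning: warn}, err
}

// formatStorage renders the storage header proposed in the issue.
func formatStorage(s StorageInfo) string {
	if s.Warning == "" {
		return fmt.Sprintf("Credential Storage: %s (secure)\n  Location: %s\n", s.Backend, s.Location)
	}
	return fmt.Sprintf("Credential Storage: %s (less secure)\n  Location: %s\n  Warning: %s\n",
		s.Backend, s.Location, s.Warning)
}

func main() {
	// Constructed scenario: keychain unavailable, one profile in the config file.
	down := func() ([]string, error) { return nil, errKeyringUnavailable }
	cfg := func() ([]string, error) { return []string{"default"}, nil }
	_, info, _ := listWithStorage(down, cfg, "/Users/username/.asc/config.json")
	fmt.Print(formatStorage(info))
}
```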
kerem closed this issue 2026-02-26 21:33:17 +03:00
Author
Owner

@rudrankriyam commented on GitHub (Jan 28, 2026):

Closing per request. Reopen if any auth issues remain.
