Hi Simon and others, You raised earlier a concern that using GITLAB_TOKEN directly in glab is a security concern as users may end up storing API keys in plain text in .bashrc files or similar.
I just filed https://salsa.debian.org/go-team/infra/pkg-go-tools/-/merge_requests/5 that uses the secret-tool to store and retrieve the API key from the Gnome keyring. You can try this: sudo apt install libsecret-tools secret-tool lookup application glab host salsa.debian.org # No output, only exit code 1 secret-tool store --label='GitLab API access token for Salsa' application glab host salsa.debian.org Password: glpat-1234567890 secret-tool lookup application glab host salsa.debian.org glpat-1234567890 I might submit this to
