Skip to content

sqlcmd contexts store passwords with --password-encryption none — add perms enforcement + document the limitation #96

Description

@PascalTemel

lib/installers/sqlcmd.js:116 creates sqlcmd users with --password-encryption none, so DB passwords land effectively plaintext (base64) in ~/.sqlcmd/sqlconfig.

Nuance: go-sqlcmd's only alternative (dpapi) is Windows-only, so none may genuinely be the only cross-platform value. If so, the fix is defense-in-depth rather than a flag change:

  • Verify/enforce 0600 on ~/.sqlcmd/sqlconfig after context creation (the setup already passes the password via SQLCMD_PASSWORD env rather than argv, which is good — sqlcmd.js:119).
  • Document the at-rest limitation in cli-sqlcmd.md.
  • Consider whether stage credentials should live here at all long-term vs. an auth broker.

Related irony: the codebase exports a writeFileSecure helper (lib/shell.js:98-100) that nothing calls.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions