Problem
Tokens are currently stored in plain text in ~/.apify/auth.json. This is not ideal from a security perspective, and it also makes authentication harder to discover and use programmatically (e.g. for AI agents).
Proposal
- Move credential storage to the OS keyring (Keychain on macOS, Credential Manager on Windows, Secret Service on Linux).
- Fall back to the existing ~/.apify/auth.json file when the keyring is unavailable (e.g. headless Linux without a Secret Service).
- Make authentication discoverable and easy to use for agents.
Reference
Open questions
- If we implement it, is it a breaking change? Or we can keep "both versions", and in 2.0.0 remove the plain text implementation.
- Maybe just log out everyone, and make them log in. Or maybe just write a script to migrate it.
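
A sketch of the keyring-first store with file fallback and the migration script raised in the open questions, added here as an illustration and not code from the Apify CLI. The `keyring` adapter interface, the service and account names, and the `{ "token": ... }` file shape are assumptions.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const AUTH_FILE = path.join(os.homedir(), '.apify', 'auth.json'); // path from the issue
const SERVICE = 'apify-cli'; // assumed keyring service name
const ACCOUNT = 'default';   // assumed account label

// `keyring` is a hypothetical adapter { get(service, account), set(service, account, secret) }
// that throws when no OS keyring is reachable (e.g. headless Linux without a Secret Service).
function saveToken(token, keyring, authFile = AUTH_FILE) {
  try {
    keyring.set(SERVICE, ACCOUNT, token);
    return 'keyring';
  } catch {
    // Fallback stays plain text, so at least keep it owner-only.
    fs.mkdirSync(path.dirname(authFile), { recursive: true, mode: 0o700 });
    fs.writeFileSync(authFile, JSON.stringify({ token }), { mode: 0o600 });
    fs.chmodSync(authFile, 0o600); // `mode` above is ignored if the file already existed
    return 'file';
  }
}

function loadToken(keyring, authFile = AUTH_FILE) {
  try {
    const token = keyring.get(SERVICE, ACCOUNT);
    if (token) return { token, source: 'keyring' };
  } catch { /* keyring unavailable: fall through to the file */ }
  if (!fs.existsSync(authFile)) return null;
  // Assumed file shape: { "token": "..." }
  return { token: JSON.parse(fs.readFileSync(authFile, 'utf8')).token, source: 'file' };
}

// One-time migration: copy the token into the keyring, verify the read-back,
// and only then delete the plain-text file so a failed write never logs the user out.
function migrate(keyring, authFile = AUTH_FILE) {
  if (!fs.existsSync(authFile)) return 'nothing-to-migrate';
  const { token } = JSON.parse(fs.readFileSync(authFile, 'utf8'));
  try {
    keyring.set(SERVICE, ACCOUNT, token);
    if (keyring.get(SERVICE, ACCOUNT) !== token) throw new Error('read-back mismatch');
  } catch {
    return 'kept-file';
  }
  fs.unlinkSync(authFile);
  return 'migrated';
}
```

Returning the storage backend from `saveToken` and `loadToken` lets the CLI tell the user (or an agent) when a token is still sitting in the plain-text fallback.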