Skip to content

Add password for SSH, AWS and GDrive config #600

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
JoeZiminski wants to merge 125 commits into
base: main
Choose a base branch
from
Open

Add password for SSH, AWS and GDrive config #600

JoeZiminski wants to merge 125 commits into from

Conversation

@JoeZiminski
Copy link
Member

@JoeZiminski JoeZiminski commented Sep 11, 2025
edited
Loading

This PR adds the option to encrypt the RClone config file containing SSH, AWS or GDrive connection information (e.g. private key, passwords, access tokens). The main changes are:

  1. SSH, AWS and GDrive RClone configs are now stored in separate .conf files (previously, the RClone default to store everything in RClone's rclone.conf was used. This is still kept for local_filesystem for backwards compatibility.
  2. There is now an option during set up connections (via Python API or TUI) to encrpy the config file. Doing so will encrypt the file using the operating systems credential manager.

This required quite a lot of refactoring to the setup connection functions (API and TUI) as well as the internal calls to rclone. Now, these calls are wrapped in some functionality that handles unencrypting the rclone config if required.

Tests and documentation have been updated.

This implementation is okay but there is still room for improvement. However, as this PR is pretty big and we just need to get this out, these are reversed for the future (#636).

@JoeZiminski JoeZiminski changed the title Refactor SSH connection to make adding passwords easier. Add password for SSH, AWS and GDrive config Sep 12, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 24, 2025
View reviewed changes
@JoeZiminski JoeZiminski marked this pull request as draft September 29, 2025 16:15
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 30, 2025
View reviewed changes
@JoeZiminski JoeZiminski force-pushed the add_password_to_rclone_config_for_aws_gdrive branch from 53a5a05 to 274fe29 Compare October 2, 2025 18:08
@JoeZiminski JoeZiminski mentioned this pull request Oct 7, 2025
Open
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 7, 2025
View reviewed changes
JoeZiminski
JoeZiminski commented Oct 7, 2025
View reviewed changes
JoeZiminski
JoeZiminski commented Oct 7, 2025
View reviewed changes
@JoeZiminski JoeZiminski changed the base branch from main to refactor_ssh_connection October 7, 2025 21:46
@JoeZiminski JoeZiminski force-pushed the add_password_to_rclone_config_for_aws_gdrive branch 3 times, most recently from 44af5de to 5c21724 Compare November 1, 2025 01:25
Base automatically changed from refactor_ssh_connection to main November 3, 2025 15:30
@JoeZiminski JoeZiminski force-pushed the add_password_to_rclone_config_for_aws_gdrive branch from 350ac89 to 0c2c1b2 Compare November 3, 2025 15:43
@JoeZiminski JoeZiminski marked this pull request as ready for review November 3, 2025 21:39
cs7-shrey
cs7-shrey reviewed Dec 17, 2025
View reviewed changes
Copy link
Collaborator

@cs7-shrey cs7-shrey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @JoeZiminski, this is really well thought out. You have covered all the cases here very elegantly. I have dropped a few minor suggestions here and there, otherwise the implementation is logically and structurally very sound.

JoeZiminski and others added 23 commits December 19, 2025 17:15
@JoeZiminski
Revert use of encryption wrapper runner in rclone open function.
c6f58f5
@JoeZiminski @cs7-shrey
Update datashuttle/utils/rclone.py
53d4124 
Co-authored-by: Shrey Singh <96627769+cs7-shrey@users.noreply.github.com>
@JoeZiminski @cs7-shrey
Update datashuttle/utils/rclone.py
7c4da2d 
Co-authored-by: Shrey Singh <96627769+cs7-shrey@users.noreply.github.com>
@JoeZiminski
Merge branch 'add_password_to_rclone_config_for_aws_gdrive' of github…
759c292 
….com:neuroinformatics-unit/datashuttle into add_password_to_rclone_config_for_aws_gdrive
@JoeZiminski
Improve typevar on run_function_that_requires_encrypted_rclone_config…
c999702 
…_access
@JoeZiminski
Remove unused statement.
064211c
@JoeZiminski
Handle retry failed config set up, also don't disable input for faile…
21ca634 
…d encryption set up, and some small tidy ups.
@JoeZiminski
Let user know RClone config setup was sucessful.
1b2095b
@JoeZiminski @cs7-shrey
Update datashuttle/tui/screens/setup_ssh.py
b87d3fb 
Co-authored-by: Shrey Singh <96627769+cs7-shrey@users.noreply.github.com>
@JoeZiminski
Improve encryption message on setup_gdrive.
b609f55
@JoeZiminski
setup ssh rename stage to 'setup_and_ask_for_encryption'.
cf305bb
@JoeZiminski
Fix test rename error.
90520cd
@JoeZiminski
Improve pass set up error message.
58ea734
@JoeZiminski
Improve macos keychain set up error message.
9ffa9bb
@JoeZiminski
Fix placement of, and rename to, remove_rclone_password_env_var.
ae5bc86
@JoeZiminski
Tidy up message.
57cdf46
@JoeZiminski
Remove unused tmp_path.
c00d7dc
@JoeZiminski
Merge branch 'add_password_to_rclone_config_for_aws_gdrive' of github…
401d82b 
….com:neuroinformatics-unit/datashuttle into add_password_to_rclone_config_for_aws_gdrive
@JoeZiminski
Tidy up input monkeypatch for gdrive utils.
8ee69d3
@JoeZiminski
Tidy up input monkeypatch for gdrive utils.
f95577c
@JoeZiminski
Remove unused method on MockConfigs.
c39712d
@JoeZiminski
Centralise test project name.
c1522ca
@JoeZiminski
Tidy up setup_gdrive.
5c94b15
@JoeZiminski JoeZiminski mentioned this pull request Dec 19, 2025
Open
@JoeZiminski JoeZiminski added this to the v0.8.0 milestone Dec 20, 2025
cs7-shrey
cs7-shrey reviewed Dec 20, 2025
View reviewed changes
Copy link
Collaborator

@cs7-shrey cs7-shrey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Just one small change.

datashuttle/tui/screens/setup_gdrive.py

self.interface = interface
self.no_browser_stage: None | str = "show_command_to_generate_code"
self.no_browser_stage: None | str = "pending"
Copy link
Collaborator

@cs7-shrey cs7-shrey Dec 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I meant that this variable could be called something like self.client_secret_stage

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cs7-shrey cs7-shrey cs7-shrey left review comments

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v0.8.0

Development

Successfully merging this pull request may close these issues.

3 participants

@JoeZiminski @cs7-shrey