config: allow suppying the gitlab token via env var

This would allow to supply the gitlab tokens via the env var
DEVTOOLS_GITLAB_TOKEN and therefore allow users to choose whatever
program they want to fill this env var.

Closes #113

Signed-off-by: Christian Heusel <christian@heusel.eu>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>

3 files changed, 22 insertions, 3 deletions

diff --git a/doc/man/pkgctl-auth-login.1.asciidoc b/doc/man/pkgctl-auth-login.1.asciidoc
index 9c32ab2..eeeec4e 100644
--- a/doc/man/pkgctl-auth-login.1.asciidoc
+++ b/doc/man/pkgctl-auth-login.1.asciidoc
@@ -16,6 +16,13 @@ Interactively authenticate with the GitLab instance.
 
 The minimum required scopes for the token are: 'api', 'write_repository'.
 
+The GitLab API token can either be stored in a plaintext file in
+'$XDG_CONFIG_HOME/devtools/gitlab.conf', or supplied via the
+'DEVTOOLS_GITLAB_TOKEN' environment variable using any command (gpg, vault,
+password manager) by declaring a shell alias:
+
+    $ alias pkgctl='DEVTOOLS_GITLAB_TOKEN="$(command to obtain token)" pkgctl'
+
 Options
 -------
 
diff --git a/src/lib/auth/login.sh b/src/lib/auth/login.sh
index 083e80a..d427676 100644
--- a/src/lib/auth/login.sh
+++ b/src/lib/auth/login.sh
@@ -27,6 +27,10 @@ pkgctl_auth_login_usage() {
 
 		The minimum required scopes for the token are: 'api', 'write_repository'.
 
+		The GitLab API token can either be stored in a plaintext file, or
+		supplied via the DEVTOOLS_GITLAB_TOKEN environment variable using a
+		vault, see pkgctl-auth-login(1) for details.
+
 		OPTIONS
 		    -g, --gen-access-token   Open the URL to generate a new personal access token
 		    -h, --help               Show this help text
@@ -66,6 +70,10 @@ pkgctl_auth_login() {
 
 	Tip: you can generate a Personal Access Token here ${personal_access_token_url}
 	The minimum required scopes are 'api' and 'write_repository'.
+
+	If you do not want to store the token in a plaintext file, you can abort
+	the following prompt and supply the token via the DEVTOOLS_GITLAB_TOKEN
+	environment variable using a vault, see pkgctl-auth-login(1) for details.
 _EOF_
 
 	if (( GEN_ACESS_TOKEN )); then
diff --git a/src/lib/config.sh b/src/lib/config.sh
index 5034c6e..ba6532e 100644
--- a/src/lib/config.sh
+++ b/src/lib/config.sh
@@ -14,11 +14,15 @@ readonly XDG_DEVTOOLS_GITLAB_CONFIG="${XDG_DEVTOOLS_DIR}/gitlab.conf"
 export GITLAB_TOKEN=""
 
 load_devtools_config() {
-	if [[ ! -f "${XDG_DEVTOOLS_GITLAB_CONFIG}" ]]; then
-		GITLAB_TOKEN=""
+	if [[ -n "${DEVTOOLS_GITLAB_TOKEN}" ]]; then
+		GITLAB_TOKEN="${DEVTOOLS_GITLAB_TOKEN}"
 		return
 	fi
-	GITLAB_TOKEN=$(grep GITLAB_TOKEN "${XDG_DEVTOOLS_GITLAB_CONFIG}"|cut -d= -f2|cut -d\" -f2)
+	if [[ -f "${XDG_DEVTOOLS_GITLAB_CONFIG}" ]]; then
+		GITLAB_TOKEN=$(grep GITLAB_TOKEN "${XDG_DEVTOOLS_GITLAB_CONFIG}"|cut -d= -f2|cut -d\" -f2)
+		return
+	fi
+	GITLAB_TOKEN=""
 }
 
 save_devtools_config() {