5

I'd like to make a paw file that I can share with colleagues that has no passwords saved in it. It seems that no matter how I make the paw file, the password is embedded - not only in the requests, but in revision history. So I cannot test it with valid passwords, delete the password values, and then save a file that has no passwords.

I was hoping that using a file to store a value would accomplish what I want, but once the file is read, it seems to be embedded in the paw file. I can delete the source password file, and Paw still knows the secret password.

Is there a dynamic value that I should try? Is there some kind of session mode where I can be prompted for the password when I launch Paw?

Thanks

changokun
  • 1,563
  • 3
  • 20
  • 27

1 Answers1

2

HTTP History (Requests / Responses) are not in .paw files

The history of the requests and responses you sent and received that you can see in the right panel is never stored in your .paw files. Rather, it's stored in your library folder, as web browsers and other apps store caches or history data. So you should be safe for that part.

Manually Remove Passwords

You can manually remove passwords. This is bothering, but you can make things easier by using Environments. See Environments and Use Environments as Reusable Presets. This way your passwords are only in one place, and every request only points to that value. You can then remove just this value before sharing.

Use Pawprint

You can share your request with Pawprint, the service we made available to easily share requests and snap of history from Paw. If your password is in the Authorization header, it will be automatically hidden before sharing. In this case, the latest HTTP Exchange / History item will be shared too (with an hidden Authorization header).

Future: we plan to add full support for OS X Keychain (the Keychain Access app). This way, all passwords will be saved securely and outside your .paw files. It will allow you to safely share them with colleagues.

Micha Mazaheri
  • 3,481
  • 1
  • 21
  • 26
  • This is disappointing. Is there also no way to create environments that span multiple files? That would at least make it easy to maintain secret values in a file that's excluded from source control. – Nathaniel Irons Feb 09 '16 at 19:52
  • 1
    Paw 2.3 – which will be released in about a week – is bringing full encryption of your credentials. By default, credentials (such as passwords, secret keys) will be encrypted, but you can also explicitly encrypt a value. The encryption key will be stored in your Keychain, so you can share it with others if needed. Each value is encrypted by a derivate key (PBKDF2 key derivation). Though, no environments cannot span multiple files yet, it's another thing we'd like to add in the future. – Micha Mazaheri Feb 10 '16 at 08:37