Ephemeral ApiKey for curl commands

Hi there community,

While using curl proves to be extremely useful (and very satisfying) to upload content to nextcloud through the cli, the security of the process remains uncertain…

Rather than using a

curl -u username:password (...)

Is there any possibility available today to create in nextcloud an (ephemeral, or that can be disabled later on) key and use it for the curl command (instead of the username:password in clear) ?

curl -H @{'apikey' = 'my_key'} (...)

Instead of parsing the user name and password on the command line you can use a netrc file in which you store the credentials. See e.g. for further information:

1 Like

Hi Thanks for this suggestion, it doesn’t answer the question directly, but to be fair it is indeed one possible security solution of the root problem ! :slight_smile: