Description
What's the user value of this feature request?
Users will get the option to store the access code only in the current session rather than writing it to the filesystem.
Who is the functionality for?
Any cf user be it an end user or an operator.
How often will this functionality be used by the user?
When logging in from an unsafe environment e.g. using a shared account on a jump host.
Who else is affected by the change?
No. It should be implemented as an alternative to how it is handled currently.
Is your feature request related to a problem? Please describe.
In some cases we use shared environments like a jump host where in some cases shared accounts are used to log in, e.g. emergency user. If cf cli writes my access token to disk it can be seen and used by any other user logged in with the same account.
The same issue exists if you ssh into a container and use cf or if you use a webshell like Jupyter Notebook.
Describe the solution you'd like
The cf login command should support an option, e.g. --token-to-env, which exports the access token to the environment, e.g. variable CF_ACCESS_TOKEN. Subsequent cf commands would respect the env variable if no access token is stored in .cf/config.json
Describe alternatives you've considered
cf login could also have a flag -oauth-token that would just return the access token like in cf oauth-token. So the user could store it in CF_ACCESS_TOKEN which would then need to be respected by other cf commands.
Additional context
n.a.
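
The lookup order proposed in this request, sketched in Go as an added example (not code from the issue or from the cf CLI): a token stored in .cf/config.json is used first, and CF_ACCESS_TOKEN only when none is stored. `resolveToken` and `cfConfig` are hypothetical names, and the `AccessToken` key name in config.json is an assumption.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// cfConfig models only the field this sketch needs; the AccessToken key
// name is an assumption about the layout of .cf/config.json.
type cfConfig struct {
	AccessToken string `json:"AccessToken"`
}

// resolveToken (hypothetical helper) applies the precedence proposed in the
// issue: a token stored in <home>/.cf/config.json wins; CF_ACCESS_TOKEN is
// used only when no token is stored on disk.
func resolveToken(home string, getenv func(string) string) (token, source string, err error) {
	raw, err := os.ReadFile(filepath.Join(home, ".cf", "config.json"))
	switch {
	case err == nil:
		var cfg cfConfig
		if err := json.Unmarshal(raw, &cfg); err != nil {
			return "", "", fmt.Errorf("parse config.json: %w", err)
		}
		if cfg.AccessToken != "" {
			return cfg.AccessToken, "config", nil
		}
	case !errors.Is(err, fs.ErrNotExist):
		return "", "", err // unreadable config is an error, not "no token"
	}
	if t := getenv("CF_ACCESS_TOKEN"); t != "" {
		return t, "env", nil
	}
	return "", "", errors.New("not logged in: no token on disk or in CF_ACCESS_TOKEN")
}

func main() {
	home, _ := os.UserHomeDir()
	_, source, err := resolveToken(home, os.Getenv)
	fmt.Println("token source:", source, "err:", err) // never print the token itself
}
```

A malformed or unreadable config.json is reported as an error instead of silently falling back to the environment, so a damaged file does not change which credential is used.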