Enable SF sf org login jwt to receive JWT private key from stdin

[jefersonchaves]

Feature Request

It would be awesome if sf org login jwtcould receive the auth URL from stdin, avoiding storing this secret in plain-text in a file.

Similar to how sf org login sfdx-url can now

[mshanemc]

Which flag is the auth url? the instance-url? Is that really a secret?

Are you maybe thinking of the --jwt-key-file ?

[jefersonchaves]

Hey @mshanemc, the flag is jwt-key-file today.

I'm suggesting having something like --jwt-key-stdin for sf org login jwt because this is a private key. So, on the like of Github action I can do something like:

- name: 'Authenticate'
        env:
          SF_JWT_KEY: ${{ secrets.SF_JWT_KEY }}
        run: |
          echo "${{ env.SF_JWT_KEY }}" | sf org login jwt --set-default --jwt-key-stdin

Instead of having to first save into the disk (which by default is unencrypted) & make sure that at some point this is deleted.

Similar on how sf org login sfdx-url can receive from stdin by using --sfdx-url-stdin like echo "force://<clientId>:<clientSecret>:<refreshToken>@<instanceUrl>" | sf org login sfdx-url --sfdx-url-stdin. Which on this case is a secret as well because it contains the refresh token & client secret.

Example of what was made possible with sfdx-url:

- name: 'Authenticate'
        env:
          SF_AUTH_URL: ${{ secrets.SF_AUTH_URL }}
        run: |
          echo "${{ env.SF_AUTH_URL }}" | sf org login sfdx-url --set-default --sfdx-url-stdin -