Basic authentication can be used when combined with the "simplestreams" protocol:
incus remote add some-name https://LOGIN:PASSWORD@example.com/some/path --protocol=simplestreams
This works fine. However, the username and password are shown in the clear in incus remote list, and also in incus image info <fp> (under “Source”).
Obviously the creds are in .config/incus/config.yml, but I wonder if it’s worth hiding them in the incus CLI output - I do have a tendency to copy-paste this stuff into examples. Also, a very long random password would make a very wide column in incus remote list.
Hmm, I don’t know. On the one hand it would make rendering cleaner indeed, on the other hand, you’re supposed to be able to use incus remote list to see it’s an old password and then use set-url to fix it. This would be made a bit harder if the URL is mangled to remove the credential.
But maybe we can hide them by default and make them show up with --verbose or something like that. And limit the mangling to just the list and compact views, so someone scripting with json/yaml/csv would still get the full value.
For incus image info, that one we definitely won’t do anything about, as there are plenty of other ways to see that information: it’s just stored as part of every image record on the server (so the server knows how to refresh them), and it will also leak in any error and possibly even some progress messages sent during interactions with the image server.
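The display policy floated in the reply above (mask in the list and compact views, keep the full value for json/yaml/csv and behind a verbose switch), sketched in Go as an added example that is not Incus code and not part of either post. `displayURL`, the format names and the `verbose` parameter are hypothetical; masking a password-less userinfo field and hiding unparsable addresses are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"net/url"
)

// Formats a person reads; json/yaml/csv are left raw for scripts.
// The names "table" and "compact" are assumptions for this sketch.
var humanFormats = map[string]bool{"table": true, "compact": true}

// displayURL is a hypothetical helper (not an Incus function) that decides
// how a remote's address is printed for a given output format.
func displayURL(raw, format string, verbose bool) string {
	if verbose || !humanFormats[format] {
		return raw // full value, so scripting and fixing an old password still work
	}
	u, err := url.Parse(raw)
	if err != nil {
		// Fail closed: an address that does not parse may still embed a secret.
		return "(unparsable address hidden)"
	}
	if u.User == nil {
		return raw // no userinfo, nothing to mask
	}
	if _, hasPassword := u.User.Password(); !hasPassword {
		// Assumption: a lone userinfo field may be a token, so mask it too.
		u.User = url.User("xxxxx")
		return u.String()
	}
	// Standard library: replaces only the password with "xxxxx".
	return u.Redacted()
}

func main() {
	// Constructed sample with the same shape as the command in the post.
	raw := "https://LOGIN:PASSWORD@example.com/some/path"
	for _, f := range []string{"table", "compact", "json", "csv"} {
		fmt.Printf("%-8s %s\n", f, displayURL(raw, f, false))
	}
	fmt.Printf("%-8s %s\n", "verbose", displayURL(raw, "table", true))
}
```

The fixed-width mask also keeps the column narrow however long the real password is. It only affects what the client prints: the value stays in the client config file and in the image records on the server, as the reply notes.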