From c5f715c4d9b2aac2fed00c9b3619df5fe19cb0ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi?= Date: Sun, 24 Nov 2024 11:31:56 +0100 Subject: [PATCH 1/8] doc: api key management --- doc/credentials.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/credentials.md b/doc/credentials.md index 936d76d..ded35a1 100644 --- a/doc/credentials.md +++ b/doc/credentials.md @@ -35,6 +35,10 @@ You can delete the API key any time with: dinamis_cli delete ``` +You can revoke a single API key using ```dinamis_cli revoke``` or all API keys +with ```dinamis_sdk revoke-all```. You can create new API key with +```dinamis_sdk create```. + ## Signed URLs expiry The signed URLs for STAC objects assets are valid during 7 days starting after From 712bcb9b7468419dd9108a79b48f51163ad6ec1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi?= Date: Sun, 24 Nov 2024 12:06:52 +0100 Subject: [PATCH 2/8] doc: enrich api key usage --- README.md | 6 ++--- doc/credentials.md | 62 +++++++++++++++++++++++++++++++++++++++++----- doc/index.md | 4 +-- 3 files changed, 61 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index b6bdc27..9708ced 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,9 @@ -Largely inspired from *Microsoft Planetary Computer SDK*, **Dinamis-SDK** is -built on the STAC ecosystem to provide an easy access to remote sensing imagery -and thematic products of the **THEIA/DINAMIS data center of Montpellier**. +Largely inspired from the *Microsoft Planetary Computer SDK*, **Dinamis-SDK** is +built on the STAC ecosystem to provide easy access to remote sensing imagery +and thematic products of the [THEIA-MTP geospatial data center](https://home-cdos.apps.okd.crocc.meso.umontpellier.fr/). ```python import dinamis_sdk diff --git a/doc/credentials.md b/doc/credentials.md index ded35a1..336ae3f 100644 --- a/doc/credentials.md +++ b/doc/credentials.md 
@@ -15,9 +15,23 @@ HTTP link, or scan the QR-code. The credentials are valid for 5 days. Every time `dinamis_sdk.sign_inplace()` is called, the credentials are renewed for another 5 days. After 5 days idle, you will have to log in again. +If you want something more persistent, or that you can use on several +computers, you should use and API key. ## API key +API key allow to sign URLs without being authenticated with the single sign on. +Typically, you can use an API key on several machines without having to +authenticate each time you want to use the SDK. +Since version 0.3.0, the SDK provides a command line interface (`dinamis_cli`) +which enables to manage API keys. +The SDK can read the API key in two ways: + +- From user settings file +- From environment variables + +### From user settings file + Use `dinamis_cli` to register an API key, that will be created and stored into your local home directory. 
@@ -25,23 +39,59 @@ your local home directory. dinamis_cli register ``` -Just follow the instructions to login a single time, then the API key can be +Typically on linux the generated API key will be stored in +`/home/username/.config/dinamis_sdk_auth/.api_key`. Optionally you can override +the parent directory setting `DINAMIS_SDK_SETTING_DIR`. + +Just follow the instructions to log in a single time, then the API key can be used forever on your local computer. You can duplicate the API key file on other computers. -You can delete the API key any time with: +You can delete the registered API key with: ```commandline dinamis_cli delete ``` -You can revoke a single API key using ```dinamis_cli revoke``` or all API keys -with ```dinamis_sdk revoke-all```. You can create new API key with -```dinamis_sdk create```. +### From environment variables + +You can create new API key with: + +```commandline +dinamis_cli create +``` + +!!! Warning + + Note that once created, you won't be able to retrieve the secret key + anymore. + +You can then use the access and secret keys setting `DINAMIS_SDK_ACCESS_KEY` +and `DINAMIS_SDK_SECRET_KEY`. + +### API key management + +List all generated API keys: + +```commandline +dinamis_cli list +``` + +Revoke a single API key: + +```commandline +dinamis_cli revoke +``` + +Revoke all generated API keys: + +```commandline +dinamis_cli revoke-all +``` ## Signed URLs expiry -The signed URLs for STAC objects assets are valid during 7 days starting after +The signed URLs for STAC objects assets are valid during 8 hours after `dinamis_sdk.sign_inplace` is called. !!! Info diff --git a/doc/index.md b/doc/index.md index bfb4267..19de016 100644 --- a/doc/index.md +++ b/doc/index.md 
@@ -30,8 +30,8 @@ pip install dinamis-sdk ## Quickstart -This library assists with signing STAC items assets URLs from the THEIA-MTP -Geospatial Data Infrastructure. +This library assists with signing STAC items assets URLs from the [THEIA-MTP +geospatial data center](https://home-cdos.apps.okd.crocc.meso.umontpellier.fr/). The `sign_inplace` function operates directly on an HREF string, as well as several [PySTAC](https://github.com/stac-utils/pystac) objects: `Asset`, `Item`, and `ItemCollection`. In addition, the `sign_inplace` function accepts a [STAC API Client](https://pystac-client.readthedocs.io/en/stable/) From 9d2d1442f32e2a6caf43ea037f69d3d2b6f9a3fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi?= Date: Sun, 24 Nov 2024 12:07:12 +0100 Subject: [PATCH 3/8] enh: use api key from env vars --- dinamis_sdk/settings.py | 2 ++ dinamis_sdk/utils.py | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/dinamis_sdk/settings.py b/dinamis_sdk/settings.py index 37ba8b3..e56a071 100644 --- a/dinamis_sdk/settings.py +++ b/dinamis_sdk/settings.py @@ -10,3 +10,5 @@ class Settings(BaseSettings): dinamis_sdk_bypass_api: str = "" dinamis_sdk_token_server: str = "" dinamis_sdk_settings_dir: str = "" + dinamis_sdk_access_key: str = "" + dinamis_sdk_secret_key: str = "" \ No newline at end of file diff --git a/dinamis_sdk/utils.py b/dinamis_sdk/utils.py index bcc93e7..663d49d 100644 --- a/dinamis_sdk/utils.py +++ b/dinamis_sdk/utils.py @@ -52,7 +52,11 @@ except json.decoder.JSONDecodeError: log.warning("Stored API key file is invalid. Deleting it.") os.remove(APIKEY_FILE) - +if settings.dinamis_sdk_access_key and settings.dinamis_sdk_secret_key: + APIKEY = { + "access-key": settings.dinamis_sdk_access_key, + "secret-key": settings.dinamis_sdk_secret_key + } def create_session( retry_total: int = 5, From ba778bfb4099a05ff1e34fd045ef2e7a20e27a55 Mon Sep 17 00:00:00 2001 
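Review bot: `dinamis_sdk_secret_key` is declared as a plain `str` in the `settings.py` hunk, so the secret appears in clear text whenever the `Settings` object is printed, logged or dumped. If `BaseSettings` is the pydantic one (its import is outside the hunk), declaring the field as `dinamis_sdk_secret_key: SecretStr = SecretStr("")` masks it in `repr()` output, and the consumer in `utils.py` would then read it with `.get_secret_value()`. At minimum, a comment such as `# secret: never log or serialise this field` above the line would flag it to maintainers.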
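Review bot: The added `if` in `utils.py` requires both `settings.dinamis_sdk_access_key` and `settings.dinamis_sdk_secret_key`, so when only one variable is set the SDK silently falls back to whatever other credential is available and gives no hint that the environment key was ignored. An `elif settings.dinamis_sdk_access_key or settings.dinamis_sdk_secret_key:` branch with `log.warning("Both DINAMIS_SDK_ACCESS_KEY and DINAMIS_SDK_SECRET_KEY must be set; ignoring the partial API key.")` would make the misconfiguration visible. The block also appears to replace an `APIKEY` loaded from `APIKEY_FILE` without saying so; a comment like `# Environment variables take precedence over the stored API key file` would document the precedence. The file-loading code starts outside the hunk, so that ordering is inferred from the visible `except` branch.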
From: =?UTF-8?q?R=C3=A9mi?= Date: Sun, 24 Nov 2024 12:07:22 +0100 Subject: [PATCH 4/8] bump version --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 6f8d10f..ed9603f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,7 +5,7 @@ build-backend = "setuptools.build_meta" [project] name = "dinamis-sdk" authors = [{name = "inrae", email = "remi.cresson@inrae.fr"}] -version = "0.3.1" +version = "0.3.2" description = "DINAMIS SDK for Python" requires-python = ">=3.7" dependencies = [ From 10bc3ad0cc72b0dfd215e58262b7b935a0b63237 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi?= Date: Sun, 24 Nov 2024 12:38:33 +0100 Subject: [PATCH 5/8] test api key management and from env var --- .gitlab-ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c85b6e7..249e5f3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -97,9 +97,19 @@ API key Tests: extends: .tests_base script: - dinamis_cli register + - mv /root/.config/dinamis_sdk_auth/.token /root/.config/dinamis_sdk_auth/.token_ - python tests/test_spot-6-7-drs.py - python tests/test_super-s2.py - python tests/test_push.py + - mv /root/.config/dinamis_sdk_auth/.token_ /root/.config/dinamis_sdk_auth/.token + - dinamis_cli delete + - toto=$(dinamis_cli create 2>&1) + - mv /root/.config/dinamis_sdk_auth/.token /root/.config/dinamis_sdk_auth/.token_ + - export DINAMIS_SDK_ACCESS_KEY=$(echo $toto | cut -d"'" -f4) + - export DINAMIS_SDK_SECRET_KEY=$(echo $toto | cut -d"'" -f8) + - python tests/test_spot-6-7-drs.py + - mv /root/.config/dinamis_sdk_auth/.token_ /root/.config/dinamis_sdk_auth/.token + - dinamis_sdk revoke $DINAMIS_SDK_ACCESS_KEY # --------------------------------- Ship -------------------------------------- From 52ec935650eec3d95bd6ccf5e5daf3afc7a4c353 Mon Sep 17 00:00:00 2001 
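Review bot: The key produced by `dinamis_cli create` is revoked only by the last step of the script, so if `python tests/test_spot-6-7-drs.py` fails, GitLab stops the script before the revoke and a valid access/secret pair stays active on the server. Capturing the test status and revoking before exiting, e.g. `python tests/test_spot-6-7-drs.py || rc=$?`, then the revoke step, then `exit ${rc:-0}`, would close that window. Extracting the keys with `cut -d"'" -f4` and `-f8` from the combined stdout and stderr of `create` also ties the job to the exact log format; if that format changes, both variables end up empty with no error at this step. Quoting the variable (`echo "$toto"`) and failing early when either value is empty, `test -n "$DINAMIS_SDK_ACCESS_KEY" -a -n "$DINAMIS_SDK_SECRET_KEY"`, would make the job more robust.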
From: =?UTF-8?q?R=C3=A9mi?= Date: Sun, 24 Nov 2024 12:38:55 +0100 Subject: [PATCH 6/8] api key deletion w/o revoke --- dinamis_sdk/cli.py | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/dinamis_sdk/cli.py b/dinamis_sdk/cli.py index f900afa..dd2582a 100644 --- a/dinamis_sdk/cli.py +++ b/dinamis_sdk/cli.py @@ -64,14 +64,10 @@ def revoke_all(): @app.command(help="Revoke an API key") -@click.option( - "--key", - prompt="Please enter the access key to revoke", - help="Access key to revoke", -) -def revoke(key: str): +@click.argument("access_key") +def revoke(access_key: str): """Revoke an API key.""" - revoke_key(key) + revoke_key(access_key) @app.command(help="Get and store an API key") @@ -83,9 +79,15 @@ def register(): @app.command(help="Delete the stored API key") -def delete(): +@click.option("--dont-revoke", default=False) +def delete(dont_revoke): """Delete the stored API key.""" if os.path.isfile(APIKEY_FILE): + if not dont_revoke: + with open(APIKEY_FILE, encoding='UTF-8') as json_file: + api_key = json.load(json_file) + if "access-key" in api_key: + revoke_key(api_key["access-key"]) os.remove(APIKEY_FILE) log.info(f"File {APIKEY_FILE} deleted!") else: From f6fb16a6fdff715ab0b49dc9047c1478bd00904e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi?= Date: Sun, 24 Nov 2024 12:43:05 +0100 Subject: [PATCH 7/8] sty: newline --- dinamis_sdk/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dinamis_sdk/settings.py b/dinamis_sdk/settings.py index e56a071..4940795 100644 --- a/dinamis_sdk/settings.py +++ b/dinamis_sdk/settings.py @@ -11,4 +11,4 @@ class Settings(BaseSettings): dinamis_sdk_token_server: str = "" dinamis_sdk_settings_dir: str = "" dinamis_sdk_access_key: str = "" - dinamis_sdk_secret_key: str = "" \ No newline at end of file + dinamis_sdk_secret_key: str = "" From f9f8a38309175e16d0c64a5a5bce3dd4402eee8a Mon Sep 17 00:00:00 2001 
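Review bot: Replacing the prompted `--key` option with a required positional `access_key` in `revoke` means a bare `dinamis_cli revoke` now exits with a missing-argument error instead of asking for the key. `doc/credentials.md` in this same series still shows the command without an argument. The documentation example should become `dinamis_cli revoke ACCESS_KEY` (placeholder), and the docstring could say so: `"""Revoke the API key identified by ACCESS_KEY."""`. Existing scripts that call `revoke --key ...` will also break, which deserves a changelog line.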
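Review bot: `@click.option("--dont-revoke", default=False)` on `delete` is not declared as a flag, so Click expects a value after it (`--dont-revoke true`) and rejects a bare `--dont-revoke`. `@click.option("--dont-revoke", is_flag=True, help="Delete the local file without revoking the key on the server")` gives the intended switch. Separately, `json.load(json_file)` is unguarded: a corrupted `APIKEY_FILE` raises before `os.remove`, so the command cannot delete exactly the file a user would most want gone. Catching `json.JSONDecodeError` around the load and skipping the revoke would keep deletion working. The hunk adds no `import json`, so that name must already be in scope in `cli.py`, which is not visible here.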
From: =?UTF-8?q?R=C3=A9mi?= Date: Sun, 24 Nov 2024 12:43:18 +0100 Subject: [PATCH 8/8] fix test --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 249e5f3..300962e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -109,7 +109,7 @@ API key Tests: - export DINAMIS_SDK_SECRET_KEY=$(echo $toto | cut -d"'" -f8) - python tests/test_spot-6-7-drs.py - mv /root/.config/dinamis_sdk_auth/.token_ /root/.config/dinamis_sdk_auth/.token - - dinamis_sdk revoke $DINAMIS_SDK_ACCESS_KEY + - dinamis_cli revoke $DINAMIS_SDK_ACCESS_KEY # --------------------------------- Ship --------------------------------------