Hammer-cli auth with private/public key auth?

I’m using hammer locally on a satellite 6.11 server in both cron-jobs and manually in scripts.
Username and password are stored in plain text in ~/.hammer/cli.modules.d/foreman.yml

What is the correct way of doing this to prevent the password being stored in plain text like this, and still able to run hammer without prompting for authentication input from the shell?

hammer (



I think there are more options, however I’d use personal access token for this. I’m afraid it’s still not documented (other asked before at API access via Personal Access Tokens - #2 by Marek_Hulan). You can create the PAT when you edit you profile and use that token instead of a password. The token would be still in plain text of course. Token can be set to expire and can be invalidated though a rake task if needed. The other option may be kerberos (cc @ofedoren)

Thank you Marek.
I just testet this, and it seems like an acceptable middle ground solution for us for the time being.
Much obliged.