From 4049c8de14e67e550ec270f5b52d078ba6c3819a Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Sun, 16 Nov 2025 14:55:33 +0100 Subject: [PATCH 1/3] docs: nudge users into using partially encrypted config files --- README.md | 39 +++++++++++---------------------------- 1 file changed, 11 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 9bcf06de..9e7fd01f 100644 --- a/README.md +++ b/README.md @@ -76,18 +76,17 @@ Optionally, if you want to grant write access so `git-node` can write comments: You can also edit the permission of existing tokens later. -After the token is generated, create an rc file with the following content: -(`~/.ncurc` or `$XDG_CONFIG_HOME/ncurc`): - -```json -{ - "username": "your_github_username", - "token": "token_that_you_created" -} +After the token is generated, you can give it to NCU using: + +```sh +ncu-config set username your_github_username +# It is strongly recommended to encrypt your token. Do not provide it in the CLI, +# `ncu-config` will prompt you for it. +ncu-config set -x token ``` -Note: you could use `ncu-config` to configure these variables, but it's not -recommended to leave your tokens in your command line history. +Note: Encryption is available only if you have `gpg` setup on your machine. If +not, do not pass the `-x` flag. ### Setting up Jenkins credentials 
@@ -108,28 +107,12 @@ To obtain the Jenkins API token `~/.ncurc.gpg` or `$XDG_CONFIG_HOME/ncurc.gpg`) with `jenkins_token` as key, like this: - ```json - { - "username": "your_github_username", - "token": "your_github_token", - "jenkins_token": "your_jenkins_token" - } + ```sh + ncu-config set -x jenkins_token ``` ### Protecting your credentials -If you have `gpg` installed and setup on your local machine, it is strongly recommended -to store an encrypted version of this file: - -```console -$ gpg --default-recipient-self --encrypt ~/.ncurc -$ rm ~/.ncurc -``` - -The credentials are now encrypted in `~/.ncurc.gpg` and everytime it's needed, -node-core-utils will invoke `gpg` that may ask you to decrypt it using -your default key via pinentry. - Put the following entries into your [global `gitignore` file](https://git-scm.com/docs/git-config#Documentation/git-config.txt-coreexcludesFile) (`$XDG_CONFIG_HOME/git/ignore` or a file specified by `core.excludesFile`). For example: From ab688cc7a3a23a10f6c3f86a44dbc46ae60c1382 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Tue, 9 Dec 2025 23:27:09 +0100 Subject: [PATCH 2/3] Split token suggestions in 2 --- README.md | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9e7fd01f..60eb7b0b 100644 --- a/README.md +++ b/README.md @@ -78,15 +78,27 @@ You can also edit the permission of existing tokens later. After the token is generated, you can give it to NCU using: +
With encryption (Recommended) + ```sh ncu-config set username your_github_username -# It is strongly recommended to encrypt your token. Do not provide it in the CLI, -# `ncu-config` will prompt you for it. +# Do not provide the token in the CLI, `ncu-config` will prompt you for it. ncu-config set -x token ``` -Note: Encryption is available only if you have `gpg` setup on your machine. If -not, do not pass the `-x` flag. +Note: Encryption is available only if you have `gpg` setup on your machine. + +
+ +
Without encryption + +```sh +ncu-config set username your_github_username +# Do not provide the token in the CLI, `ncu-config` will prompt you for it. +ncu-config set token +``` + +
### Setting up Jenkins credentials From 9dc54d431d6d8ff9b0b009504503bdfe7d34fb04 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Thu, 11 Dec 2025 16:16:20 +0100 Subject: [PATCH 3/3] fixup! --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index 60eb7b0b..007f400e 100644 --- a/README.md +++ b/README.md @@ -119,10 +119,23 @@ To obtain the Jenkins API token `~/.ncurc.gpg` or `$XDG_CONFIG_HOME/ncurc.gpg`) with `jenkins_token` as key, like this: +
With encryption (recommended) + ```sh ncu-config set -x jenkins_token ``` + Note: Encryption is available only if you have `gpg` setup on your machine. + +
+
Without encryption + + ```sh + ncu-config set jenkins_token + ``` + +
+ ### Protecting your credentials Put the following entries into your
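Review bot: in the first hunk of patch 1/3 (README.md, `@@ -76,18 +76,17 @@`), the replacement text no longer says where the credentials are stored. The removed lines named `~/.ncurc` or `$XDG_CONFIG_HOME/ncurc`, and a reader needs that path to check the file's permissions, to relate it to the gitignore entries described further down, and to find the token when it has to be rotated or revoked. Suggest keeping one sentence after the new `sh` block that states which file `ncu-config set` writes to.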
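Review bot: in the second hunk of patch 1/3 (`@@ -108,28 +107,12 @@`), dropping the `gpg --default-recipient-self --encrypt ~/.ncurc` and `rm ~/.ncurc` steps leaves no guidance for users who already created a plaintext `~/.ncurc` from the old instructions, so their token stays readable on disk unless the README tells them how to move it to the encrypted form and remove the old file. Suggest one sentence of migration advice under "Protecting your credentials". Two smaller points on the same hunk: the sentence explaining that node-core-utils invokes `gpg` and may prompt through pinentry is removed, so that prompt is now unexplained, and the unchanged context line above the new `ncu-config set -x jenkins_token` still refers to `~/.ncurc.gpg` or `$XDG_CONFIG_HOME/ncurc.gpg`, which should be checked against where `ncu-config set -x` actually writes.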
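Review bot: in patch 2/3 (`@@ -78,15 +78,27 @@`), the "Without encryption" block does not say what the reader gives up by choosing it; the only signal is "(Recommended)" on the other heading. Suggest a line in that block stating that the token is then stored unencrypted in the config file. Style points: the heading reads "With encryption (Recommended)" here but "With encryption (recommended)" in patch 3/3, so pick one casing, and `ncu-config set username your_github_username` is repeated in both blocks and could sit once above them since it does not depend on the encryption choice.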
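Review bot: in patch 3/3 (`@@ -119,10 +119,23 @@`), neither Jenkins block carries the "Do not provide the token in the CLI, `ncu-config` will prompt you for it" comment that patch 2/3 puts on the GitHub token commands, so a reader who lands directly in the Jenkins section may append the token to `ncu-config set jenkins_token` and leave it in their shell history. Suggest repeating that comment in both blocks. Also, "if you have `gpg` setup on your machine" should read "set up" (verb), both here and in the matching note added by patch 2/3.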