GitHubScrambler

private object GitHubScrambler

A GitHub authentication token that is slightly scrambled (and NOT SECURE).

Though the scrambling uses encryption, the token is not actually stored securely and can be obtained relatively easily by others. Even if GitHubScrambler.KEY and GitHubScrambler.IV were not stored in plaintext, you would eventually have to leak the plaintext token anyway. There is no way around this.

Assume the token is public knowledge. It may be stolen and abused, and it is your responsibility to ensure that the potential for harm is minimised. Use a fine-grained access token that is limited to read/write access for a single repository of a separate user. Do not use your main repo to store issues in, unless you're fine with the worst case of all your issues being deleted. Subscribe to every event in the repository so that you will notice when the token is being abused for spam.

The token is retrieved from a repository, because tokens are only valid for up to one year, but users should be able to report issues even if there has not been an update for more than a year. This means the GitHubScrambler.KEY and GitHubScrambler.IV must not be refreshed between updates, as otherwise previous versions will be unable to unscramble the token.

Properties

private const val IV: String

The IV to use for (un)scrambling.

private val IV_SPEC: IvParameterSpec

The IV specification to use for (un)scrambling.

private const val KEY: String

The "private" key to use for (un)scrambling.

private val KEY_SPEC: SecretKeySpec

The key specification to use for (un)scrambling.

private val URL: URL

The URL at which a newer token may be available.

Functions

private fun createCipher(): Cipher

Instantiates a Cipher for (un)scrambling a token.

fun getToken(): String

Reads the unscrambled token.

@JvmStatic
fun main(args: Array<String>)

Runs an interactive session to scramble a token into a file.

fun scramble(token: String): String

Scrambles the given token.

fun unscramble(scrambledToken: String): String

Unscrambles the given scrambledToken.
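
Why the scrambling described above is obfuscation rather than protection, as an added example that is not the project's own code. The member names mirror the ones documented on this page; the KEY and IV values, the AES/CBC/PKCS5Padding transformation and the Base64 encoding are assumptions, since the page does not state them.

```kotlin
import java.util.Base64
import javax.crypto.Cipher
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec

// Constructed placeholder values, not the project's real KEY and IV.
private const val KEY = "0123456789abcdef" // 16 bytes, used as an AES-128 key
private const val IV = "fedcba9876543210"  // 16 bytes, one AES block

private val KEY_SPEC = SecretKeySpec(KEY.toByteArray(Charsets.UTF_8), "AES")
private val IV_SPEC = IvParameterSpec(IV.toByteArray(Charsets.UTF_8))

// Assumption: AES in CBC mode with PKCS5 padding; the page does not name the transformation.
private fun createCipher(): Cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")

// Assumption: the scrambled form is the Base64 encoding of the ciphertext.
fun scramble(token: String): String {
    val cipher = createCipher().apply { init(Cipher.ENCRYPT_MODE, KEY_SPEC, IV_SPEC) }
    return Base64.getEncoder().encodeToString(cipher.doFinal(token.toByteArray(Charsets.UTF_8)))
}

fun unscramble(scrambledToken: String): String {
    val cipher = createCipher().apply { init(Cipher.DECRYPT_MODE, KEY_SPEC, IV_SPEC) }
    return String(cipher.doFinal(Base64.getDecoder().decode(scrambledToken)), Charsets.UTF_8)
}

fun main() {
    val token = "EXAMPLE_TOKEN_NOT_REAL" // constructed, not a real token
    val scrambled = scramble(token)

    // Fixed key plus fixed IV: the same token always yields the same ciphertext,
    // which is what lets older releases keep reading a token refreshed later.
    check(scrambled == scramble(token))

    // The key and IV ship as constants with the application, so the round trip
    // needs no secret that a recipient of the application does not already have.
    check(unscramble(scrambled) == token)

    println("scrambled:   $scrambled")
    println("unscrambled: ${unscramble(scrambled)}")
}
```

Because the round trip succeeds with nothing but the shipped constants, the effective control is the token's scope and the repository monitoring described above, not the cipher.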