> Credentials are stored in lib/credentials.json. This is checked into the repo, so USE A PRIVATE REPO.<p>It's called a "private" repo, not a "secure" repo.<p>The point of a private repo is to give you control over your collaborators. It is not to provide information security. To my knowledge, Github makes no special promises about the security of private repos. The data is not encrypted on disk at Github, and Github staff can access the content of your repo.<p>I WOULD NOT UPLOAD SECRETS INTO A GITHUB PRIVATE REPO.
It's worth noting here (though many people have in different ways already) that the reason you should not put credentials in any git repo (private or public) is that inevitably when you share repos with third party services (A CI for instance) you are also giving them credentials as a result and exposing one more vulnerability in the case that they get hacked or otherwise don't store things in an encrypted manner.<p>Because Github makes it so easy to give developers read access to repos this happens more often that you would realize, and having your most sensitive credentials (banking username and password) exposed in a repo to several different vendors is NEVER a good practice.<p>It's fine if you're going to use this but at least properly encrypt the secrets, or add your creds in a different file and gitignore it at the least if you're too lazy to use something like vault, credstash etc.<p>The reality is you're only as strong as your weakest link and there is just no use in having your weakest link be a relative unknown<p>Source: I built a Plaid competitor once upon a time (that obviously did not work out as well for me as it did for them) and I am currently building a bank, so I know a few things about security and vulnerabilities
> <i>Credentials are stored in lib/credentials.json. This is checked into the repo, so USE A PRIVATE REPO. Do not use a public fork and accidentally push your tokens to it! I will not take responsibility for any potential leak of sensitive information.</i><p>It seems like using your CI provider to manage the credentials would be significantly more safe than checking them into even a private repository. For instance, there are several services that will scan or otherwise access your private repos for some purpose or another, and you wouldn't want to accidentally connect them while this is also in the mix.<p>A pre build step that templates the credentials into a file would be pretty easy to set up in most CI systems I've used, but I have no experience in CircleCI. (maybe 10 minutes of tinkering but that's it)<p>Finally I should note, I am not advising anyone to store their financial credentials with any third party. But if you've already made up your mind to do so, at least consider one that's meant to handle secrets in a secure manner.
Author here - this was just a weekend hack and didn't really expect it to show up here, but thanks for the security related feedback. The setup now uses environment variables.
Or instead using spreadsheets just use a self-hosted free software that is dedicate to personal finance analytics <a href="https://github.com/firefly-iii/firefly-iii" rel="nofollow">https://github.com/firefly-iii/firefly-iii</a>
If you are using Google sheets to store your budget, checkout <a href="https://byobudget.com" rel="nofollow">https://byobudget.com</a><p>It lets you record purchases in your spreadsheet via SMS. I should be launching it in the next month or so. It's geared towards people who want just a little more realtime ability for their current budget without switching what they use. If all goes well, I'll be expanding to other integrations (private firefly III instances, YNAB, alternative input methods, etc).<p>Disclaimer: I'm the author.<p>Second disclaimer: Idea shamelessly stolen from a comment on here months ago about what one person does for themself.<p>Also, I'd be interested in finding a couple of beta testers.<p>Edit: Aslo, I'm sorry that it looks atrocious on mobile. Should load pretty quick though ...
Not sure if it's the right place/occasion to ask...<p>I'd love a web application that gives me a one page financial dashboard with:<p>- bank account balance<p>- credit card balance. Due date<p>- list of unusual transactions I should review<p>- all my bills in one place, with amounts due and possibility to click through to see details<p>- list of upcoming schedule payment (ie mortgage, gym membership, phone service) with alert/notification of one will bounce (ie: funds insufficient so I can transfer money to the right account)<p>- upcoming financial obligations<p>Is there such a thing? Ideally self hosted.
If you want more data that what you can probably get from Google Sheets easily, an alternative could be modifying this script to make it output a Beancount[0]-formatted ledger text file.
The format is pretty readable plain-text (and so you could store it on Git to track changes easily) and you can generate nice reports out of it with the Beancount CLIs and a web interface with Fava[1]. Also adds another additional level of self-hosted :)<p>Also Beancount has some nice support for implementing importer scripts inside it if need be, although I haven't played with those yet.<p>[0] <a href="http://furius.ca/beancount/" rel="nofollow">http://furius.ca/beancount/</a>
[1] <a href="https://beancount.github.io/fava/" rel="nofollow">https://beancount.github.io/fava/</a>
Reminder that Plaid doesn't know what their doing when it comes to security: <a href="https://github.com/plaid/link/issues/68" rel="nofollow">https://github.com/plaid/link/issues/68</a>
Note that asking people not to commit credentials.json doesn’t work very well in practice:<p><a href="https://github.com/search?o=desc&q="credentials.json"&s=committer-date&type=Commits" rel="nofollow">https://github.com/search?o=desc&q="credentials.json"&s=comm...</a>
I would recommend against letting Google know anything about your finances. Maybe try self-hosted solutions that are open source, like Firefly III.<p><a href="https://github.com/firefly-iii/firefly-iii" rel="nofollow">https://github.com/firefly-iii/firefly-iii</a>
<a href="https://gnucash.org/" rel="nofollow">https://gnucash.org/</a> is a mature project that allows you to manage expenses & assets, perform analytics, and doesn't require supplying personal information to third parties (plaid in this case)
If you want to do this without giving your data to any third party (plaid will store your data) or you have 2FA enabled on your FI accounts, try this: <a href="https://github.com/skhavari/cheddardog" rel="nofollow">https://github.com/skhavari/cheddardog</a>.<p>It supports a few institutions. If you're a developer, its pretty easy to add more. It generates spending and balance reports, and pretty easy to slap an app (E2E encrypted of course) or local only web UI on top of it.<p>Enjoy
I'd be enormously hesitant in relying on a B2B product for such an important part of my life. Forget the security concerns, my concern is the company cutting off access for spurious reasons.<p>If they could sell me access at a price less than $500+ a month, I'd be more inclined to trust them.
This is a nice kickstart for something that has been on my todo list for a while.<p>Cashflow forecasting is important for my family budget and my small business. My cashflow fluctuates quite a bit. Some months I'll bring in 90k, some months nothing. I have really high expenses for such a small business because I travel and pay contractors.<p>So far I've been doing this by hand, and trying to use features in Xero, plus a few expensive tools online that integrate with Xero (which do not deserve a free advertisement so I won't name them). I finally figured out if I want cash flow forecasting done right for me I'm going to have to do it myself.
It's interesting to me that the front end is using jQuery considering the author is the vuejs creator.<p>It looks interesting though, I have been meaning to make a little budgeting app for myself recently so this will be a good start at the least!
This is great -- I'll be tying this in to my budget calendar spreadsheet that I've been using for the last few months to have a solid grasp of how purchases I make will impact me in the future; I have a template with some example usage of it available at <a href="https://docs.google.com/spreadsheets/d/12mkQzq22eM8HHdJVJ_JmcvaRJlKf--f9oKKp1uEEYxo/edit?usp=sharing" rel="nofollow">https://docs.google.com/spreadsheets/d/12mkQzq22eM8HHdJVJ_Jm...</a> if anyone is interested.
> You will first need to sign up for Plaid and apply for the development plan.<p>I guess I'm not the target audience. The only reason I would even consider building something like this is so that I'm in full control. I have no idea what Plaid is. All I know for sure is that I don't want to sign up for it and also introduce a major dependency. I don't understand what the advantage is over Mint. I get to do more work and not be in control. Usually you can only get one of those.
I'm doing something similar to power an e-ink based display in my house. I see about 24 hours of delay on the transaction API using the free tier which is the only shortcoming of this approach. The Plaid API is very nice.<p>Does anyone know if the production (non-free) level reduces the delay?
Regarding this part,<p><i>connect to your financial institutions to generate access tokens</i><p>Are these generally offered across EU? I know I haven't found a way to get access for a couple of my local (EU-based) banks I checked with, but unsure about the rest of the continent.
If you are looking for a more "packaged" integration with Google Sheets, check out BudgetSheet: <a href="https://www.budgetsheet.net" rel="nofollow">https://www.budgetsheet.net</a><p>It is a Google Sheets Add-on found in the G Suite Marketplace.<p>Disclaimer: I am the author. It is currently under review by Google and awaiting publication. There is an email sign at the bottom of the page if you want to be notified at launch. :)
<a href="https://www.tillerhq.com/" rel="nofollow">https://www.tillerhq.com/</a><p>This is another service like this. I've been using them for around 6 months and haven't had any trouble with them.
does google really need all your financial info too? could you not do this in <a href="https://ethercalc.net/" rel="nofollow">https://ethercalc.net/</a> or even just a csv that you could import/export to a spreadsheet app of your choice?<p>the appeal of a personal mint is to not share all my financial info with third-party companies, not to keep from paying a few bucks for a useful service.
My first thought, seeing the title: the Liberty Dollar.[0]<p>tl;dr - In the US, it's illegal to mint your own money.<p>0) <a href="http://libertydollar.org/" rel="nofollow">http://libertydollar.org/</a>