
Keeping Sensitive Data Out of Your Shell's History File

From John's Wiki

We've all been there before. some_command takes a flag for --password or --api_key. The lazy thing to do is just supply the password as part of your command. But there are two big downsides to doing that. First, it goes into your shell's history file, and if you just leave it there someone could find it and use it to steal your bits! Second, it goes into the process list and is potentially visible to other users on the system who are just viewing the process tree.

Luckily, there's a simple way to solve both of these problems, and it's called read. Technically, read is not a standalone executable, but rather a bash builtin. But all the shells have it or an equivalent. Bash, zsh, and fish all have read. Csh/tcsh has $< (works basically the same).

Bash/Zsh Example:

IFS= read -r mypass # -r keeps backslashes literal; IFS= keeps leading/trailing spaces
TYPE_SOME_PASSWORD_HERE
some_command --user username --password "$mypass"
unset mypass # Clear the value after use or just log out

Csh/Tcsh Example:

setenv mypass "$<" # Quotes keep a password containing spaces as one word in tcsh
TYPE_SOME_PASSWORD_HERE
some_command --user username --password "$mypass"
unsetenv mypass # Clear the value after use or just log out

With bash read you can even run read -s mypass to be extra super duper secure and hide your password when entering it.

Maybe people know about using read in a script, but you can just use it on the CLI too, to keep your sensitive credentials or other info out of your bash history & system process list.
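A check worth running, as an added example that is not part of the original page: read keeps the value out of the history file, but the shell expands "$mypass" before it starts the command, so the value is still an argument of the child process. The script inspects the argument lists of its own children; `sh -c` stands in for some_command, the secret is a constructed sample, and the standard-input variant assumes the command can read its password that way.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. "sh -c ..." stands in for
# some_command; the secret used at the bottom is a constructed sample value.

# Print PID's argument list as ps would show it to other users.
argv_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# Print "leaked" if SECRET appears in PID's argv, else "hidden"; then stop PID.
report() {   # usage: report PID SECRET
    sleep 1  # give the child time to exec
    case "$(argv_of "$1")" in
        *"$2"*) echo leaked ;;
        *)      echo hidden ;;
    esac
    kill "$1" 2>/dev/null || true
    wait "$1" 2>/dev/null || true
}

# The page's pattern: the shell expands "$mypass" before exec, so the value
# is an ordinary argument of the child process.
run_with_flag() {   # usage: run_with_flag SECRET
    sh -c 'sleep 5; :' some_command --user username --password "$1" \
        >/dev/null 2>&1 &
    report "$!" "$1"
}

# Assumed alternative: the command reads the password from standard input.
# printf is a shell builtin, so no process is started with the secret in argv.
run_with_stdin() {  # usage: run_with_stdin SECRET
    printf '%s\n' "$1" |
        sh -c 'IFS= read -r pw; sleep 5; :' some_command --user username \
        >/dev/null 2>&1 &
    report "$!" "$1"
}

mypass='constructed-Secret-123'   # constructed sample; typed via read in practice
echo "--password flag: $(run_with_flag "$mypass")"    # leaked
echo "standard input:  $(run_with_stdin "$mypass")"   # hidden
unset mypass
```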

Thanks for reading!