1

Desired:

How do I pass the value to -p <parameter value> ("password") without putting it in the command line in clear text, which would eventually be stored in the bash_history? Can it be stored in a file and cat <file> the password?

Actual:

The password is shown in the command line bash_history.

Usage:

sh test.sh -u username -p password

Code:

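#!/bin/sh

# Normalize the arguments with getopt(1); -u and -p each take a value.
OPTS=`getopt -o u:p: --long username:,password: -n 'parse-options' -- "$@"` || exit 1
eval set -- "$OPTS"
DOCKER_OPTS=""

# Start empty so a $USER inherited from the environment does not satisfy the check below.
USER=""
PASS=""

while true; do
  case "$1" in
    -u | --username)
      USER="$2"; shift; shift ;;
    -p | --password)
      PASS="$2"; shift; shift ;;
    * ) break ;;
  esac
done

if [ -z "$USER" ] || [ -z "$PASS" ]; then
    echo "username and pass not defined"
else
    echo "username and password defined"
fi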
5
  • Generally speaking, you don't have a password option. You have test.sh read the password directly from the terminal. read -s password < /dev/tty. (Drop -s if you need POSIX compatibility, though you'll want to use stty in that case to enable/reenable echoing.) Commented Apr 16, 2019 at 18:39
  • 1
    You can either read password from terminal or retrieve password from a global env variable. Commented Apr 16, 2019 at 18:40
  • How would you read the password from the terminal without actually entering the password in the command line? Commented Apr 16, 2019 at 19:05
  • 1
    You type the password, but it never shows up anywhere except in the memory space of the process reading from the terminal. (The purpose of -s or appropriate use of stty prevents what you are typing from being echoed back to the terminal, keeping the password hidden from anyone looking at your screen.) Commented Apr 16, 2019 at 19:14
  • 4
    Possible duplicate of How to get a password from a shell script without echoing, Hiding user input on terminal in Linux script, How to make bash script ask for a password?, etc. Commented Apr 16, 2019 at 20:47

1 Answer

-1

OK, I found the answer. Sorry.

sh test.sh -u username -p $(< pass.txt)

5 Comments

Nope; after the command substitution has been expanded, the value read from pass.txt will be visible via tools like ps.
Could you provide an example using ps? This would be used more for localized testing rather than production environment.
A simple ps will suffice. If I put foo in pass.txt, then run sh test.sh $(<pass.txt) (with test.sh simply running sleep to give me time to run ps), ps shows sh tmp.sh foo, not sh tmp.sh $(<pass.txt).
But if it's locally running this script, could you see foo after the execution of the script? ps would only be usable during the execution of the script. Either way, you could find the password if you know the path of the text file.
No, but accepting insecure code because it probably won't leak your password is terrible practice. If test.sh needs a password, let it ask for it.
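
The approach the comments recommend (the script obtains the password itself) next to the ps exposure they describe, as an added example that is not part of the original question, answer or comments. read_secret and show_argv are hypothetical helper names, the secret and user name are constructed, and reading /proc/$$/cmdline assumes Linux (ps is the fallback).

```shell
#!/bin/sh
# Added example, not from the original post. read_secret and show_argv are
# hypothetical helper names; the secret and user name below are constructed.

# read_secret [FILE]: print a secret taken from FILE, else from piped stdin,
# else typed at the terminal with echo off (POSIX stty instead of read -s).
read_secret() {
    secret=
    if [ -n "${1:-}" ]; then
        IFS= read -r secret < "$1" || [ -n "$secret" ] || return 1
    elif [ ! -t 0 ]; then
        IFS= read -r secret || [ -n "$secret" ] || return 1
    else
        saved=$(stty -g < /dev/tty) || return 1
        trap 'stty "$saved" < /dev/tty; exit 130' INT TERM
        printf 'Password: ' > /dev/tty
        stty -echo < /dev/tty
        IFS= read -r secret < /dev/tty
        stty "$saved" < /dev/tty
        trap - INT TERM
        printf '\n' > /dev/tty
    fi
    printf '%s' "$secret"
}

# show_argv ARGS...: start a child sh with ARGS and print that child's command
# line as any local user can read it (Linux /proc, falling back to ps).
show_argv() {
    sh -c 'tr "\000" " " < /proc/$$/cmdline 2>/dev/null || ps -o args= -p $$; :' \
        worker "$@"
}

# Demo: the same secret passed in argv versus through a file only we can read.
demo_secret='s3cret-example'
pwfile=$(mktemp) || exit 1          # mktemp creates the file with mode 0600
printf '%s\n' "$demo_secret" > "$pwfile"
echo "argv: $(show_argv -u alice -p "$demo_secret")"
echo "file: $(show_argv -u alice --password-file "$pwfile")"
echo "read: $(read_secret "$pwfile" | wc -c) bytes read from the file"
rm -f "$pwfile"
```

The "argv" line contains the secret; the "file" line contains only a path, which is also all that lands in bash_history. Calling read_secret with no argument on an interactive terminal prompts with echo disabled.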
