Open rshigapov-bhft opened 2 months ago
I agree (although you can prepend space to avoid adding to history, although it only works in some places).
How is it usually implemented in CLI? We cannot run an interactive prompt if `-p` is missing because it means "no password required" now. `-p -` usually means "see stdin".
Would you happen to have any suggestions here?
For example, PostgreSQL provides a `--password` flag to force a password prompt even if the authentication method doesn't require a password.
If stdin is exclusively reserved for passwords then it will be convenient to use the tool in automation scripts, Ansible playbooks or to retrieve password from a password manager.
Space prepending is not convenient because there are many arguments to configure and one might need to run the command more than once.
Cleartext password argument can be logged in shell history.
Interactive prompt with suppressed echo is a more secure way to enter password.
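
The input modes discussed in this thread (no `-p`, `-p -` for stdin, a cleartext `-p VALUE`, and a forced prompt), combined in one resolver. This is an added example, not the project's code: the program name `tool`, the `-W/--password` spelling (borrowed from the PostgreSQL option mentioned above) and the function names are assumptions.

```python
import argparse
import getpass
import sys


def build_parser():
    # "tool" and both flag spellings are assumptions for this example.
    parser = argparse.ArgumentParser(prog="tool")
    parser.add_argument("-p", dest="password", default=None,
                        help="password, or '-' to read it from stdin")
    parser.add_argument("-W", "--password", dest="force_prompt",
                        action="store_true", help="always prompt for a password")
    return parser


def resolve_password(args, stdin=sys.stdin, prompt=getpass.getpass):
    """Return the password to use, or None when no password is required."""
    if args.force_prompt:
        if args.password is not None:
            raise ValueError("-p and --password are mutually exclusive")
        # getpass prompts with echo disabled, so the secret never appears
        # in shell history or on screen.
        return prompt("Password: ")
    if args.password is None:
        # Missing -p keeps its current meaning: no password required.
        return None
    if args.password == "-":
        # Only the first line of stdin is the password; strip the line ending
        # but keep any other whitespace, which may be part of the secret.
        secret = stdin.readline().rstrip("\r\n")
        if not secret:
            raise ValueError("no password received on stdin")
        return secret
    # Cleartext argument: still accepted, but it ends up in shell history.
    print("warning: password given on the command line", file=sys.stderr)
    return args.password


if __name__ == "__main__":
    try:
        password = resolve_password(build_parser().parse_args())
    except ValueError as exc:
        sys.exit(f"error: {exc}")
    print("password supplied" if password is not None else "no password")
```
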