Allow the passphrase to be set via DOPPLER_PASSPHRASE

DopplerHQ / cli

The official CLI for interacting with your Doppler secrets and configuration.

https://docs.doppler.com

Apache License 2.0

221 stars 44 forks source link

Allow the passphrase to be set via DOPPLER_PASSPHRASE #368

Closed watsonian closed 1 year ago

watsonian commented 1 year ago

This adds the ability to set the passphrase to be used when decrypting a fallback file via the DOPPLER_PASSPHRASE environment variable rather than relying solely on the --passphrase flag. This can help reduce the chance that the passphrase will be leaked in bash histories or by viewing process listings.

Closes ENG-5148.

Piccirello commented 1 year ago

@watsonian you'll want to either squash your second commit or prepend chore: to it to avoid it appearing in the changelog. Also for your first commit you may want to rename to Allow the passphrase to Allow fallback passphrase so that it's more clear in the changelog what it's referring to.

watsonian commented 1 year ago

Okay, I think we're good to go once the tests all pass.