Read passphrase from AGE_PASSPHRASE env var if available

FiloSottile / age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

https://age-encryption.org

BSD 3-Clause "New" or "Revised" License

15.95k stars 482 forks source link

Read passphrase from AGE_PASSPHRASE env var if available #346

Closed Kastilo closed 2 years ago

Kastilo commented 2 years ago

From jjlin's own forked commit of age that allows env var to supply the passphrase for automated encryption processes

https: //github.com/jjlin/age/commit/2afaf7fda78117f1e0b784a8c41f9dea15028316 Co-Authored-By: Jeremy Lin 203380+jjlin@users.noreply.github.com

jjlin commented 2 years ago

I didn't send a PR for this because @FiloSottile seems undecided on whether he wants to add this capability. And if it were really to be implemented, there are a few other places that should read from env var, like the decryption paths.

tbugfinder commented 2 years ago

Especially in a pipeline environment this makes sense to me.

FiloSottile commented 2 years ago

I've decided we won't provide alternative password input methods in cmd/age, but we'll ship them all in a separate plugin, like sshpass. I'll make sure to support an environment variable there, and I'll update discussion #256 when it's ready. See https://github.com/FiloSottile/age/discussions/256#discussioncomment-2638232 for a bit more details. Thank you!