Open robin-nitrokey opened 1 year ago
to bring this forward the next step here is to come up with a complete list of pins/passwords used in pynitrokey and have a proper suggestion how these can be provided alternatively.
As a start the CLI_LOG_BLACKLIST in confconst.py
could be used, containing:
However digging around the related issues this list is not complete as it at least misses secrets add-password --password TEXT
and maybe some others too.
As discussed earlier, the default input method for PINs, passwords and other secrets should be interactive prompts. To allow scripting, environment variables should be supported too. Command-line arguments should be removed as they are at a higher risk to end up in process lists, shell histories, logs, etc.
See also: