secrets: providing password through cli is bad

Nitrokey / pynitrokey

Python client for Nitrokey devices

Apache License 2.0

94 stars 28 forks source link

secrets: providing password through cli is bad #492

Closed daringer closed 6 months ago

daringer commented 6 months ago

A user reported:

Using Password Safe via CLI isn't particularly convenient. When I use the command "secrets add-password --password TEXT", it saves the password into the zsh/bash history.

perfectly true. The consequence should be that pynitrokey should provide a more secure way to pass passwords.

robin-nitrokey commented 6 months ago

https://github.com/Nitrokey/pynitrokey/issues/401

daringer commented 6 months ago

arrrr, forgot about this one, closing this then in favor of #401