cryptomator / cli

Cryptomator Command-Line Interface
GNU Affero General Public License v3.0

--passwordfile option to hide passwords #3

Closed ejsmit closed 7 years ago

ejsmit commented 7 years ago

To prevent passwords being visible in automation scripts I would like to be able to specify the name of a file containing the password instead of the actual password itself on the command line. This means other people can look at the script itself and not see any passwords. The script itself can even be publicly version controlled as long as the password file remains secure.

Many other tools allow this, with the password file typically placed in a chmod 700 folder (I currently use ~/.secure for other software tools) with chmod 600 permissions on the file itself (something for the docs maybe).

eqyiel commented 7 years ago

@ejsmit, do you know about command substitution?

For example, echo $(head -n 1 ~/.secure/password-file) - you can probably achieve what you want like this.

overheadhunter commented 7 years ago

We will implement this eventually. But as the workaround provided by eqyiel works just fine, this isn't our highest priority right now.

FZachlod commented 7 years ago

@eqyiel @overheadhunter Command line substitution is fine, but the password will show up in the process list, so any user that has access to the system can see the password of the currently open vaults. This is a major security breach. The program should either be able to read the password from a file, accept it from stdin or read it from an environment variable.

overheadhunter commented 7 years ago

Fixed by PR #9.
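
The two points raised in this thread, as an added example that is not part of the thread or of the Cryptomator code: a check for the chmod 700 directory / chmod 600 file layout, and a demonstration that a password passed through command substitution ends up in the child's argument list. The function names are hypothetical, and the script assumes Linux with `stat -c` and a mounted /proc.

```shell
#!/bin/sh
# Added example. Assumes Linux: GNU/BusyBox `stat -c` and a mounted /proc.

# Succeed only if FILE is a regular file with mode 600 inside a mode-700
# directory, both owned by the calling user (the layout proposed in the thread).
check_password_file() {
    file=$1
    dir=$(dirname -- "$file")
    uid=$(id -u)
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "not a regular file: $file" >&2; return 1
    fi
    if [ "$(stat -c '%a' -- "$file")" != 600 ]; then
        echo "mode of $file must be 600" >&2; return 1
    fi
    if [ "$(stat -c '%a' -- "$dir")" != 700 ]; then
        echo "mode of $dir must be 700" >&2; return 1
    fi
    if [ "$(stat -c '%u' -- "$file")" != "$uid" ] ||
       [ "$(stat -c '%u' -- "$dir")" != "$uid" ]; then
        echo "file and directory must be owned by uid $uid" >&2; return 1
    fi
}

# Print the first line of FILE on stdout, but only after the checks pass.
# How the consumer takes it (a file-name option, stdin) depends on the tool.
read_password() {
    check_password_file "$1" && head -n 1 -- "$1"
}

# Pass the password to a child process as an argument, as the command
# substitution workaround does, then look for it in /proc/<pid>/cmdline,
# which other local users can normally read. Returns 0 if it is visible.
password_visible_in_argv() {
    secret=$(head -n 1 -- "$1")
    # Stand-in child: a shell that just sleeps, with the secret as an argument.
    sh -c 'sleep 2; :' demo "$secret" >/dev/null 2>&1 &
    pid=$!
    sleep 1                                   # give the child time to exec
    if tr '\000' '\n' < "/proc/$pid/cmdline" | grep -qxF -- "$secret"; then
        visible=0
    else
        visible=1
    fi
    kill "$pid" 2>/dev/null || true
    return "$visible"
}
```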