Allow reading headers, instead of data, on standard input. (In particular, allowing the secure input of Authorization: Bearer ... etc, without interactive-mode input.)
Two possibilities to achieving this that I'm seeing off the top of my head,
httpie --auth -, which only really helps with authentication,
http pie.dev/headers X-Data:-, which is a little clumsier, but is more generalizable
Problem it solves
To avoid including sensitive authentication tokens on the command-line, you provide httpie --auth, which prompts for those values.
Unfortunately, that's not scriptable — so for automated tasks (e.g. when the secret is from an automated source, and not in your clipboard), you're stuck with the insecure-and-shown-in-ps positionals approach.
Additional information, screenshots, or code examples
It's worth noting that curl has this capability in the form of passing - to the -K flag, whence this Issue:
curl --request GET \
--url "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/page_shield/connections" \
-K- <<<'--header "Authorization: Bearer '"$(passage get api/cloudflare/read/token)"'"'
Checklist
Enhancement request
Allow reading headers, instead of data, on standard input. (In particular, allowing the secure input of
Authorization: Bearer ...
etc, without interactive-mode input.)Two possibilities to achieving this that I'm seeing off the top of my head,
httpie --auth -
, which only really helps with authentication,http pie.dev/headers X-Data:-
, which is a little clumsier, but is more generalizableProblem it solves
To avoid including sensitive authentication tokens on the command-line, you provide
httpie --auth
, which prompts for those values.Unfortunately, that's not scriptable — so for automated tasks (e.g. when the secret is from an automated source, and not in your clipboard), you're stuck with the insecure-and-shown-in-
ps
positionals approach.Additional information, screenshots, or code examples
It's worth noting that curl has this capability in the form of passing
-
to the-K
flag, whence this Issue: