microsoft / terminal

The new Windows Terminal and the original Windows console host, all in the same place!

MIT License

95.2k stars 8.26k forks source link

Hide/obfuscate sensitive data like passwords copied from clipboard #14218

Open daafonsecato opened 1 year ago

daafonsecato commented 1 year ago

Description of the new feature/enhancement

When we use a password manager we always use the clipboard to paste passwords in the terminal when doing ssh (password authentication) or running commands as a Privileged User but if we paste the password multiple times the password would be visible

Proposed technical implementation details (optional)

Create a feature to enable users to input a regex pattern so that when text is copied from the clipboard the Windows Terminal replaces that sensitive information with non-word characters (*/#, or even not show anything at all) after paste.

A different way would be an integration with password managers to input data without using the clipboard.

carlos-zamora commented 1 year ago

Hmm... ok, so I guess this would work kinda like this...

in a setting, define a regex (or multiple) for suppressed text
on a paste operation, if the regex matches, flag the operation
when the shell tries to output the matching text, suppress it

A few concerns that come to mind:

what if somebody uses this maliciously and tries to suppress all text?
how to handle when the pasted text accidentally matches the regex? Should we always display a little temporary pop-up saying "password suppressed" to make it clear that that happened? Maybe add a "paste anyways" button to that?

Honestly, I see this more as a possible extension that would require access to (1) pasted text and (2) output text. I'm going to mark it up as that.

david8128 commented 1 year ago

For example, when I use VSCode with ssh this is the result in the output as *** This would also be nice, or if you think it should be completely suppressed, it would be fine.

I like the idea of the pop-up, it can confirm that you are pasting one pattern and is actually the password that is intended to be suppressed, and also the option to say, no, it's not a password would be wonderful,

KalleOlaviNiemitalo commented 1 year ago

In addition to regex patterns, this could detect if the clipboard text has been marked as sensitive via the ExcludeClipboardContentFromMonitorProcessing, CanIncludeInClipboardHistory, or CanUploadToCloudClipboard clipboard format as documented in Cloud Clipboard and Clipboard History Formats. Those clipboard formats don't seem to be intended for local obscuring like this, but recognizing them would be more likely to work than defining a separate clipboard format for Windows Terminal and expecting applications to set that.