This is an abbreviated, more specific version of #364 originally filed by @KimBrodowski.
Some environments interactively set up users using rabbitmqctl add_user and related commands but provide no way to hide the value from other users who have access to the same process list.
They all can be considered more complex for various reasons.
Making passwords optional for the few commands that accept them and reading values from standard input would make passing sensitive plain text values less prone to proces list eavesdropping. It can be supplemented by a --non-interactive switch that would fail argument validation instead of falling back to reading from stdin.
Some examples:
# works the same way it does today
rabbitmqctl add_user "username$1" "secret"
# ditto
rabbitmqctl add_user "username$1" "secret" --interactive
# prompts for password via stdin, --interactive is enabled by default
rabbitmqctl add_user "username$1" --interactive
# fails because of the missing password
rabbitmqctl add_user "username$1" --non-interactive
This is an abbreviated, more specific version of #364 originally filed by @KimBrodowski.
Some environments interactively set up users using
rabbitmqctl add_user
and related commands but provide no way to hide the value from other users who have access to the same process list.There are some alternatives available:
They all can be considered more complex for various reasons.
Making passwords optional for the few commands that accept them and reading values from standard input would make passing sensitive plain text values less prone to proces list eavesdropping. It can be supplemented by a
--non-interactive
switch that would fail argument validation instead of falling back to reading from stdin.Some examples: