Hiding User Input on Terminal in Linux Script

Hiding user input on terminal in Linux script

Just supply -s to your read call like so:

$ read -s PASSWORD
$ echo $PASSWORD

How to get a password from a shell script without echoing

Here is another way to do it:

#!/bin/bash
# Read Password
echo -n Password: 
read -s password
echo
# Run Command
echo $password

The read -s will turn off echo for you. Just replace the echo on the last line with the command you want to run.

In some shells (e.g. bash) read supports -p prompt-string which will allow the echo and read commands to be combined.

read -s -p "Password: " password

Terminal input hidden after interrupting 'read -s'

Add stty sane to your signal handler so that it restores the terminal to its default state:

sig_handler() {
  echo "SIGINT received"
  stty sane
  exit 1
}

How to read hidden input from terminal and pipe it to another command

Is this what you wanted to achieve ?

$ read -s       # I type `secret`
$ echo $REPLY
secret
$ printf %s $REPLY | wc -c
6
$ unset REPLY
$ echo $REPLY
# empty now

Or you want one-liner like this :

{ read -s -p "Input a secret: "; printf %s $REPLY; } | wc -c

If you define an alias :

alias readp='{ read -s -p "Input a secret: "; printf %s $REPLY; }'

then you can do readp | wc -c

How to hide my input on my terminal?

You could clear the terminal after a message has been sent and reprint the whole chat afterwards.

hide the bash input in terminal

If you use clear (or tput clear or printf \\ec), the old contents are shown if you scroll up:

tell application "Terminal"
    do script " clear; pwd"
    activate
end tell

This can have a noticeable delay if System Events is not running:

tell application "Terminal"
    do script " osascript -e 'tell app \"system events\" to keystroke \"k\" using command down'; pwd"
    activate
end tell

Hiding secret from command line parameter on Unix

1. First, you can NOT hide command line arguments. They will still be visible to other users via ps aux and cat /proc/$YOUR_PROCESS_PID/cmdline at the time of launching the program (before the program has a chance to do run-time changes to arguments). Good news is that you can still have a secret by using alternatives:

2. Use standard input:

    mySecret='hello-neo' printenv mySecret | myCommand
   

3. Use a dedicated file if you want to keep the secret detached from the main script (note that you'd be recommended to use full disc encryption and make sure the file has correct chmod permissions):

    cat /my/secret | myCommand
   

4. Use environment variables (with caveats). If your program can read them, do this:

    mySecret='hello-neo' myCommand
   

5. Use temporary file descriptor:

    myCommand <( mySecret='hello-neo' printenv mySecret )
   

In the last case your program will be launched like myCommand /dev/fd/67, where the contents of /dev/fd/67 is your secret (hello-neo in this example).

---

In all of the above approaches, be wary of leaving the command in bash command history (~/.bash_history). You can avoid this by either running the command from a script (file), or by interactively prompting yourself for password each time:

read -s secret
s=$secret printenv s | myCommand  # approach 2
myCommand <( s=$secret printenv s )  # approach 3
secret=$secret myCommand  # approach 4
export secret && myCommand  # another variation of approach 4

---

Related Topics