UX: add the possibility to give the password as an argument.
ranomier opened this issue · comments
Decrypt using password as an flag/option and giving the password as an argument
What were you trying to do
writing a script that takes my password as an argument and decrypts multiple files at once.
What happened
# age -d -p <password> -o <output> <input>
Error: too many arguments: ["<password>" "-d" "-o" "<output>" "input"].
This is not a good idea from a security standpoint. That would leave a plain text password as part of a command line that then leaks into shell history, is visible in the system process list, and many other places. There are lots of (fairly) secure ways to script passing secrets, but this isn't one of them.
Make it an environment variable.
But from a security standpoint having a key file isn't more secure. It can lay around on file systems usw.
And i want still to input the password interactive. I just want to run one command to decrypt multiple files.
#!/usr/bin/env bash
read var #user input
export PASSWORD=$var
age -d -p -o <output> <input>
age -d -p -o <output2> <input2>
age -d -p -o <output3> <input3>
Ok if its dublicate, i shall close it :)
Thanks 👍