FiloSottile / age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

Home Page: https://age-encryption.org


UX: add the possibility to give the password as an argument.

ranomier opened this issue · comments

Decrypt using password as a flag/option and giving the password as an argument

What were you trying to do

Writing a script that takes my password as an argument and decrypts multiple files at once.

What happened

# age -d -p <password> -o <output> <input>

Error: too many arguments: ["<password>" "-d" "-o" "<output>" "input"].

This is not a good idea from a security standpoint. That would leave a plain text password as part of a command line that then leaks into shell history, is visible in the system process list, and many other places. There are lots of (fairly) secure ways to script passing secrets, but this isn't one of them.

Make it an environment variable.

But from a security standpoint having a key file isn't more secure. It can lie around on file systems, etc.

And I still want to input the password interactively. I just want to run one command to decrypt multiple files.

#!/usr/bin/env bash

read var #user input
export PASSWORD=$var

age -d -p -o <output> <input>
age -d -p -o <output2> <input2>
age -d -p -o <output3> <input3>

Yes, something like AGE_PASSPHRASE as an env var could work, or a file descriptor like #48 proposes. In any case this is a duplicate of either that issue or #130.

Ok, if it's a duplicate, I shall close it :)

Thanks 👍
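
The process-list exposure raised in the thread, and the file-descriptor alternative mentioned alongside it, shown side by side as an added example that is not part of the original thread or of age itself. It is Linux-only (reads `/proc`); `SECRET` is a constructed sample value and `age-stand-in` is a hypothetical placeholder process, not the real age binary.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Linux-only: relies on /proc.
# SECRET is a constructed sample value; "age-stand-in" is a hypothetical
# placeholder process name, not the real age binary.
SECRET='constructed-sample-passphrase'

# argv of a PID as other local processes can read it with a default /proc
# mount (NUL separators shown as spaces).
visible_argv() {
    tr '\0' ' ' < "/proc/$1/cmdline"
}

# Succeeds (exit 0) if SECRET can be read from the argv of process $1.
secret_in_argv() {
    sleep 1   # let the child finish exec so /proc shows its own argv
    case "$(visible_argv "$1")" in
        *"$SECRET"*) found=0 ;;
        *)           found=1 ;;
    esac
    kill "$1" 2>/dev/null
    wait "$1" 2>/dev/null || true
    return "$found"
}

# Case 1: the secret is a command-line argument, as the issue requested.
leaks_when_passed_as_argument() {
    sh -c 'sleep 3; :' age-stand-in -p "$SECRET" >/dev/null 2>&1 &
    secret_in_argv "$!"
}

# Case 2: the secret arrives on file descriptor 3; argv carries no secret.
leaks_when_passed_on_fd() {
    sh -c 'read -r pw <&3; sleep 3; :' age-stand-in >/dev/null 2>&1 3<<EOF &
$SECRET
EOF
    secret_in_argv "$!"
}

if leaks_when_passed_as_argument; then echo "argument: secret visible in process list"; fi
if ! leaks_when_passed_on_fd; then echo "fd 3: secret not in process list"; fi
```
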