How to prevent terminal from printing passwords from keychain?
I currently use the command-line utility security
in a shell script to access a password from keychain. I am surprised that echoing my password variable works and reveals the password in my terminal window.
I used the function get_pw suggested here and then simply assign the password to a variable PASSWORD. Is it possible to make terminal hide the password?
My shell script looks as follows:
ACCOUNT_NAME='MyAccountName'
get_pw() {
security 2>&1 >/dev/null find-generic-password -ga $ACCOUNT_NAME \
| ruby -e 'print $1 if STDIN.gets =~ /^password: "(.*)"$/'
}
PASSWORD=$(get_pw)
Then when writing echo $PASSWORD, the password is revealed.
Well,
PASSWORD=$(get_pw)
assigns the password to PASSWORD
so it shouldn't be a surprise that
echo "$PASSWORD"
actually prints it on the Terminal.
The idea here is not to print it but to use it in another command to pass it on (as the example in the page you've linked to does). Even then the password is still visible in ps -E
though.