How to prevent a password or other sensitive information from being stored in the bash history when using grep?
Solution 1:
If you put HISTCONTROL=ignorespace in your .bashrc, and you put a space before the command name, it will not be added to your history.
$ export HISTCONTROL=ignorespace
$ grep "passwd" secret_password_file.txt # added to history
$  grep "passwd" secret_password_file.txt # not added to history (note the leading space)
Solution 2:
Just for completeness, I answer the question in the body: how to get grep to read patterns from stdin:
You can use the -f option:
grep -f- /path/to/file
That will read any number of patterns from stdin, one per line. (- means stdin; you could also specify a file with patterns, one per line.) grep will match lines in /path/to/file which match any of the specified patterns.
Solution 3:
This is the best I could come up with:
grep "$(read -r -p "Pattern: "; echo "$REPLY")" .*
Is this safe enough? Is there any way to recover the pattern other than scrolling the terminal? Is there a nicer way?
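Added example, not part of any of the answers above: it combines the prompt from Solution 3 with the -f - option from Solution 2, so the pattern is read with terminal echo off and reaches grep over a pipe instead of on its command line, which keeps it out of the shell history, the scrollback and the process list. The function name secret_grep and the sample file contents are assumptions made for the illustration.

```shell
# secret_grep FILE...   (hypothetical helper name)
# Reads one pattern from stdin and passes it to grep via "-f -".
# The body runs in a subshell, so the pattern variable never exists in
# the calling shell.
secret_grep() (
    [ "$#" -ge 1 ] || { echo "usage: secret_grep FILE..." >&2; exit 2; }

    saved=
    if [ -t 0 ]; then
        # Interactive use: hide the typed pattern and restore the
        # terminal even if the user interrupts the prompt.
        saved=$(stty -g)
        trap 'stty "$saved"; exit 130' INT TERM
        stty -echo
        printf 'Pattern: ' >&2
    fi

    # IFS= and -r keep leading spaces and backslashes intact.
    IFS= read -r pattern || true

    if [ -n "$saved" ]; then
        stty "$saved"
        printf '\n' >&2
    fi

    # With -f, an empty pattern line matches every line; refuse it.
    [ -n "$pattern" ] || { echo "secret_grep: empty pattern" >&2; exit 2; }

    # printf is a builtin in bash and dash, so the pattern is written to
    # the pipe by the shell itself and never appears in any argv.
    printf '%s\n' "$pattern" | grep -f - -- "$@"
)

# Non-interactive demo on constructed data: the pattern arrives on stdin
# exactly as it would from the prompt.
demo=$(mktemp)
printf 'user=alice\npasswd=example-only\n' > "$demo"
printf 'passwd\n' | secret_grep "$demo"
rm -f "$demo"
```

Interactively, run secret_grep secret_password_file.txt and type the pattern at the prompt; only the function name and file name end up in the history.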