From ec58cb17457b495ce9177f12d9b388cd5d080558 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Sat, 28 Mar 2026 19:10:47 +0000
Subject: [PATCH] fix: suppress terminal echo for secret input and guard
 against overwrites

- Use `read -rs` to hide typed secret value from terminal
- Prompt for confirmation before overwriting an existing secret

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 bin/disinto | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/bin/disinto b/bin/disinto
index 71a922a..c4ba0f9 100755
--- a/bin/disinto
+++ b/bin/disinto
@@ -2059,13 +2059,23 @@ disinto_secrets() {
 
       printf 'Enter value for %s: ' "$name" >&2
       local value
-      IFS= read -r value
+      IFS= read -rs value
+      echo >&2
       if [ -z "$value" ]; then
         echo "Error: empty value" >&2
         exit 1
       fi
 
       local enc_path="${secrets_dir}/${name}.enc"
+      if [ -f "$enc_path" ]; then
+        printf 'Secret %s already exists. Overwrite? [y/N] ' "$name" >&2
+        local confirm
+        read -r confirm
+        if [ "$confirm" != "y" ] && [ "$confirm" != "Y" ]; then
+          echo "Aborted." >&2
+          exit 1
+        fi
+      fi
       if ! printf '%s' "$value" | age -r "$AGE_PUBLIC_KEY" -o "$enc_path"; then
         echo "Error: encryption failed" >&2
         exit 1