fix: suppress terminal echo for secret input and guard against overwrites
- Use `read -rs` to hide typed secret value from terminal - Prompt for confirmation before overwriting an existing secret Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
parent
1b52761336
commit
ec58cb1745
1 changed files with 11 additions and 1 deletions
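--- a/bin/disinto
+++ b/bin/disinto
@@ -2059,13 +2059,23 @@ disinto_secrets() {
 
 printf 'Enter value for %s: ' "$name" >&2
 local value
-IFS= read -r value
+IFS= read -rs value
+echo >&2
 if [ -z "$value" ]; then
 echo "Error: empty value" >&2
 exit 1
 fi
 
 local enc_path="${secrets_dir}/${name}.enc"
+if [ -f "$enc_path" ]; then
+printf 'Secret %s already exists. Overwrite? [y/N] ' "$name" >&2
+local confirm
+read -r confirm
+if [ "$confirm" != "y" ] && [ "$confirm" != "Y" ]; then
+echo "Aborted." >&2
+exit 1
+fi
+fi
 if ! printf '%s' "$value" | age -r "$AGE_PUBLIC_KEY" -o "$enc_path"; then
 echo "Error: encryption failed" >&2
 exit 1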
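Review bot: The overwrite check runs only after the secret has been typed, so a user who answers N has entered the value for nothing and it stays in `value` until `exit 1`. Moving `local enc_path="${secrets_dir}/${name}.enc"` and the `if [ -f "$enc_path" ]` confirmation above the `printf 'Enter value for %s: '` prompt avoids that. The guard also tests `-f`, which is false for a dangling symlink at that path, so `age -o "$enc_path"` could write through it without asking; `if [ -e "$enc_path" ] || [ -L "$enc_path" ]; then` covers that case. How `name` is validated before it is joined into the path is not visible here, because `disinto_secrets` begins before and continues after this hunk.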