How to get a password from a shell script without echoing

Question

I have a script that automates a process that needs access to a password protected system  The system is accessed via a command-line program that accepts the user password as an argument   I would like to prompt the user to type in their password  assign it to a shell variable  and then use that variable to construct the command line of the accessing program  which will of course produce stream output that I will process      I am a reasonably competent shell programmer in Bourne Bash  but I don t know how to accept the user input without having it echo to the terminal  or maybe having it echoed using     characters      Can anyone help with this

User · Answer

One liner    read -s -p  Password    password   Under Linux  and cygwin  this form works in bash and sh  It may not be standard Unix sh  though   For more info and options  in bash  type  help read      help read read  read  -ers   -a array   -d delim   -i text   -n nchars   -N nchars   -p prompt   -t timeout   -u fd   name      Read a line from the standard input and split it into fields          -p prompt output the string PROMPT without a trailing newline before             attempting to read         -s                do not echo input coming from a terminal

User · Answer

Here is another way to do it      bin bash   Read Password echo -n Password   read -s password echo   Run Command echo  password   The read -s will turn off echo for you  Just replace the echo on the last line with the command you want to run

User · Answer

For anyone needing to prompt for a password  you may be interested in using encpass sh   This is a script I wrote for similar purposes of capturing a secret at runtime and then encrypting it for subsequent occasions   Subsequent runs do not prompt for the password as it will just use the encrypted value from disk   It stores the encrypted passwords in a hidden folder under the user s home directory or in a custom folder that you can define through the environment variable ENCPASS HOME DIR   It is designed to be POSIX compliant and has an MIT License  so it can be used even in corporate enterprise environments   My company  Plyint LLC  maintains the script and occasionally releases updates  Pull requests are also welcome  if you find an issue      To use it in your scripts simply source encpass sh in your script and call the get secret function   I m including a copy of the script below for easy visibility      bin sh                                                                                    Copyright  c  2020 Plyint  LLC  lt contact plyint com gt   All Rights Reserved    This file is licensed under the MIT License  MIT      Please see LICENSE txt for more information       DESCRIPTION     This script allows a user to encrypt a password  or any other secret  at    runtime and then use it  decrypted  within a script   This prevents shoulder    surfing passwords and avoids storing the password in plain text  which could    inadvertently be sent to or discovered by an individual at a later date      This script generates an AES 256 bit symmetric key for each script  or user-   defined bucket  that stores secrets   This key will then be used to encrypt    all secrets for that script or bucket   encpass sh sets up a directory      encpass  under the user s home directory where keys and secrets will be    stored      For further details  see README md or run    encpass    from the command line                                                                                      encpass checks         if   -n   ENCPASS CHECKS     then         return     fi      if     -x    command -v openssl      then         echo  Error  OpenSSL is not installed or not accessible in the current path                  Please install it and try again    gt  amp 2         exit 1     fi      if   -z   ENCPASS HOME DIR     then         ENCPASS HOME DIR   encpass get abs filename     encpass     fi      if     -d   ENCPASS HOME DIR     then         mkdir -m 700   ENCPASS HOME DIR          mkdir -m 700   ENCPASS HOME DIR keys          mkdir -m 700   ENCPASS HOME DIR secrets      fi      if      basename   0        encpass sh     then         encpass include init   1    2      fi      ENCPASS CHECKS 1      Initializations performed when the script is included by another script encpass include init         if   -n   1     amp  amp    -n   2     then         ENCPASS BUCKET  1         ENCPASS SECRET NAME  2     elif   -n   1     then         ENCPASS BUCKET   basename   0           ENCPASS SECRET NAME  1     else         ENCPASS BUCKET   basename   0           ENCPASS SECRET NAME  password      fi    encpass generate private key         ENCPASS KEY DIR   ENCPASS HOME DIR keys  ENCPASS BUCKET       if     -d   ENCPASS KEY DIR     then         mkdir -m 700   ENCPASS KEY DIR      fi      if     -f   ENCPASS KEY DIR private key     then          umask 0377  amp  amp  printf   s     openssl rand -hex 32    gt   ENCPASS KEY DIR private key       fi    encpass get private key abs name         ENCPASS PRIVATE KEY ABS NAME   ENCPASS HOME DIR keys  ENCPASS BUCKET private key       if     1      nogenerate     then          if     -f   ENCPASS PRIVATE KEY ABS NAME     then             encpass generate private key         fi     fi    encpass get secret abs name         ENCPASS SECRET ABS NAME   ENCPASS HOME DIR secrets  ENCPASS BUCKET  ENCPASS SECRET NAME enc       if     3      nocreate     then          if     -f   ENCPASS SECRET ABS NAME     then             set secret   1    2          fi     fi    get secret         encpass checks   1    2      encpass get private key abs name     encpass get secret abs name   1    2      encpass decrypt secret    set secret         encpass checks   1    2       if     3      reuse           -z   ENCPASS SECRET INPUT     amp  amp    -z   ENCPASS CSECRET INPUT        then         echo  Enter  ENCPASS SECRET NAME    gt  amp 2         stty -echo         read -r ENCPASS SECRET INPUT         stty echo         echo  Confirm  ENCPASS SECRET NAME    gt  amp 2         stty -echo         read -r ENCPASS CSECRET INPUT         stty echo     fi      if     ENCPASS SECRET INPUT      ENCPASS CSECRET INPUT     then         encpass get private key abs name         ENCPASS SECRET DIR   ENCPASS HOME DIR secrets  ENCPASS BUCKET           if     -d   ENCPASS SECRET DIR     then             mkdir -m 700   ENCPASS SECRET DIR          fi          printf   s     openssl rand -hex 16    gt   ENCPASS SECRET DIR  ENCPASS SECRET NAME enc           ENCPASS OPENSSL IV    cat   ENCPASS SECRET DIR  ENCPASS SECRET NAME enc             echo   ENCPASS SECRET INPUT    openssl enc -aes-256-cbc -e -a -iv                 ENCPASS OPENSSL IV  -K                  cat   ENCPASS HOME DIR keys  ENCPASS BUCKET private key    1 gt  gt                          ENCPASS SECRET DIR  ENCPASS SECRET NAME enc      else         echo  Error  secrets do not match   Please try again    gt  amp 2         exit 1     fi    encpass get abs filename            1   relative filename     filename   1      parentdir    dirname    filename          if   -d    filename      then         cd    filename    amp  amp  pwd     elif   -d    parentdir      then         echo    cd    parentdir    amp  amp  pwd    basename    filename         fi    encpass decrypt secret         if   -f   ENCPASS PRIVATE KEY ABS NAME     then         ENCPASS DECRYPT RESULT    dd if   ENCPASS SECRET ABS NAME  ibs 1 skip 32 2 gt   dev null   openssl enc -aes-256-cbc               -d -a -iv    head -c 32   ENCPASS SECRET ABS NAME    -K    cat   ENCPASS PRIVATE KEY ABS NAME    2 gt   dev null           if     -z   ENCPASS DECRYPT RESULT     then             echo   ENCPASS DECRYPT RESULT          else               If a failed unlock command occurred and the user tries to show the secret               Present either locked or decrypt command             if   -f   ENCPASS HOME DIR keys  ENCPASS BUCKET private lock     then              echo    Locked                else                   The locked file wasn t present as expected   Let s display a failure             echo  Error  Failed to decrypt              fi         fi     elif   -f   ENCPASS HOME DIR keys  ENCPASS BUCKET private lock     then         echo    Locked        else         echo  Error  Unable to decrypt  The key file    ENCPASS PRIVATE KEY ABS NAME   is not present       fi                                                                  COMMAND LINE MANAGEMENT SUPPORT   -------------------------------   If you don t need to manage the secrets for the scripts   with encpass sh you can delete all code below this point   in order to significantly reduce the size of encpass sh    This is useful if you want to bundle encpass sh with   your existing scripts and just need the retrieval   functions                                                              encpass show secret         encpass checks     ENCPASS BUCKET  1      encpass get private key abs name  nogenerate       if     -z   2     then         ENCPASS SECRET NAME  2         encpass get secret abs name   1    2   nocreate          if   -z   ENCPASS SECRET ABS NAME     then             echo  No secret named  2 found for bucket  1               exit 1         fi          encpass decrypt secret     else         ENCPASS FILE LIST   ls -1   ENCPASS HOME DIR  secrets   1           for ENCPASS F in  ENCPASS FILE LIST  do             ENCPASS SECRET NAME   basename   ENCPASS F   enc               encpass get secret abs name   1    ENCPASS SECRET NAME   nocreate              if   -z   ENCPASS SECRET ABS NAME     then                 echo  No secret named  ENCPASS SECRET NAME found for bucket  1                   exit 1             fi              echo   ENCPASS SECRET NAME     encpass decrypt secret           done     fi    encpass getche             old   stty -g          stty raw min 1 time 0         printf   s     dd bs 1 count 1 2 gt  dev null           stty   old     encpass remove         if     -n   ENCPASS FORCE REMOVE     then         if     -z   ENCPASS SECRET     then             printf  Are you sure you want to remove the secret    s   from bucket    s     y N     ENCPASS SECRET    ENCPASS BUCKET          else             printf  Are you sure you want to remove the bucket    s     y N     ENCPASS BUCKET          fi          ENCPASS CONFIRM    encpass getche           printf   n          if     ENCPASS CONFIRM      Y     amp  amp      ENCPASS CONFIRM      y     then             exit 0         fi     fi      if     -z   ENCPASS SECRET     then         rm -f   1          printf  Secret    s   removed from bucket    s    n    ENCPASS SECRET    ENCPASS BUCKET      else         rm -Rf   ENCPASS HOME DIR keys  ENCPASS BUCKET          rm -Rf   ENCPASS HOME DIR secrets  ENCPASS BUCKET          printf  Bucket    s   removed  n    ENCPASS BUCKET      fi    encpass save err         if read -r x  then           printf   s n    x   cat     gt    1      elif     x           then         printf   s    x   gt    1      fi    encpass help     less  lt  lt  EOF NAME      encpass sh - Use encrypted passwords in shell scripts  DESCRIPTION       A lightweight solution for using encrypted passwords in shell scripts      using OpenSSL  It allows a user to encrypt a password  or any other secret      at runtime and then use it  decrypted  within a script  This prevents     shoulder surfing passwords and avoids storing the password in plain text       within a script  which could inadvertently be sent to or discovered by an      individual at a later date       This script generates an AES 256 bit symmetric key for each script       or user-defined bucket  that stores secrets  This key will then be used      to encrypt all secrets for that script or bucket       Subsequent calls to retrieve a secret will not prompt for a secret to be      entered as the file with the encrypted value already exists       Note  By default  encpass sh sets up a directory   encpass  under the      user s home directory where keys and secrets will be stored   This directory     can be overridden by setting the environment variable ENCPASS HOME DIR to a     directory of your choice          encpass  or the directory specified by ENCPASS HOME DIR  will contain      the following subdirectories        - keys  Holds the private key for each script bucket        - secrets  Holds the secrets stored for each script bucket   USAGE      To use the encpass sh script in an existing shell script  source the script      and then call the get secret function       Example              bin sh           encpass sh         password    get secret       When no arguments are passed to the get secret function      then the bucket name is set to the name of the script and     the secret name is set to  password        There are 2 other ways to call get secret         Specify the secret name        Ex     get secret user          - bucket name    lt script name gt          - secret name    user         Specify both the secret name and bucket name        Ex     get secret personal user          - bucket name    personal          - secret name    user       encpass sh also provides a command line interface to manage the secrets      To invoke a command  pass it as an argument to encpass sh from the shell             encpass sh  COMMAND       See the COMMANDS section below for a list of available commands   Wildcard     handling is implemented for secret and bucket names   This enables     performing operations like adding removing a secret to from multiple buckets         at once   COMMANDS      add  -f   lt bucket gt   lt secret gt          Add a secret to the specified bucket   The bucket will be created         if it does not already exist  If a secret with the same name already         exists for the specified bucket  then the user will be prompted to         confirm overwriting the value   If the -f option is passed  then the         add operation will perform a forceful overwrite of the value   i e  no         prompt       list ls   lt bucket gt           Display the names of the secrets held in the bucket   If no bucket         is specified  then the names of all existing buckets will be         displayed       lock         Locks all keys used by encpass sh using a password   The user         will be prompted to enter a password and confirm it   A user         should take care to securely store the password   If the password         is lost then keys can not be unlocked   When keys are locked          secrets can not be retrieved   e g  the output of the values         in the  show  command will be encrypted garbage       remove rm  -f   lt bucket gt    lt secret gt           Remove a secret from the specified bucket   If only a bucket is         specified then the entire bucket  i e  all secrets and keys  will         be removed   By default the user is asked to confirm the removal of         the secret or the bucket   If the -f option is passed then a          forceful removal will be performed    i e  no prompt       show   lt bucket gt     lt secret gt           Show the unencrypted value of the secret from the specified bucket          If no secret is specified then all secrets for the bucket are displayed       update  lt bucket gt   lt secret gt          Updates a secret in the specified bucket   This command is similar         to using an  add -f  command  but it has a safety check to only          proceed if the specified secret exists   If the secret  does not         already exist  then an error will be reported  There is no forceable         update implemented   Use  add -f  for any required forceable update         scenarios       unlock         Unlocks all the keys for encpass sh   The user will be prompted to          enter the password and confirm it       dir         Prints out the current value of the ENCPASS HOME DIR environment variable       help --help usage --usage           Display this help message  EOF      Subcommands for cli support case   1  in     add           shift         while getopts   f  ENCPASS OPTS  do             case   ENCPASS OPTS  in                 f   ENCPASS FORCE ADD 1               esac         done          encpass checks          if   -n   ENCPASS FORCE ADD     then             shift    OPTIND-1           fi          if     -z   1     amp  amp      -z   2     then               Allow globbing               shellcheck disable SC2027 SC2086             ENCPASS ADD LIST    ls -1d   ENCPASS HOME DIR secrets   1   2 gt  dev null               if   -z   ENCPASS ADD LIST     then                 ENCPASS ADD LIST   1              fi              for ENCPASS ADD F in  ENCPASS ADD LIST  do                 ENCPASS ADD DIR    basename   ENCPASS ADD F                    ENCPASS BUCKET   ENCPASS ADD DIR                  if     -n   ENCPASS FORCE ADD     amp  amp    -f   ENCPASS ADD F  2 enc     then                     echo  Warning  A secret with the name    2   already exists for bucket  ENCPASS BUCKET                       echo  Would you like to overwrite the value   y N                        ENCPASS CONFIRM    encpass getche                       if     ENCPASS CONFIRM      Y     amp  amp      ENCPASS CONFIRM      y     then                         continue                     fi                 fi                  ENCPASS SECRET NAME   2                  echo  Adding secret    ENCPASS SECRET NAME   to bucket    ENCPASS BUCKET                       set secret   ENCPASS BUCKET    ENCPASS SECRET NAME   reuse              done         else             echo  Error  A bucket name and secret name must be provided when adding a secret               exit 1         fi                update           shift          encpass checks         if     -z   1     amp  amp      -z   2     then              ENCPASS SECRET NAME   2                Allow globbing               shellcheck disable SC2027 SC2086             ENCPASS UPDATE LIST    ls -1d   ENCPASS HOME DIR secrets   1   2 gt  dev null                for ENCPASS UPDATE F in  ENCPASS UPDATE LIST  do                   Allow globbing                   shellcheck disable SC2027 SC2086                 if   -f   ENCPASS UPDATE F   2  enc     then                         ENCPASS UPDATE DIR    basename   ENCPASS UPDATE F                            ENCPASS BUCKET   ENCPASS UPDATE DIR                          echo  Updating secret    ENCPASS SECRET NAME   to bucket    ENCPASS BUCKET                               set secret   ENCPASS BUCKET    ENCPASS SECRET NAME   reuse                  else                     echo  Error  A secret with the name    2   does not exist for bucket  1                       exit 1                 fi             done         else             echo  Error  A bucket name and secret name must be provided when updating a secret               exit 1         fi                rm remove           shift         encpass checks          while getopts   f  ENCPASS OPTS  do             case   ENCPASS OPTS  in                 f   ENCPASS FORCE REMOVE 1               esac         done          if   -n   ENCPASS FORCE REMOVE     then             shift    OPTIND-1           fi          if   -z   1     then              echo  Error  A bucket must be specified for removal           fi            Allow globbing           shellcheck disable SC2027 SC2086         ENCPASS REMOVE BKT LIST    ls -1d   ENCPASS HOME DIR secrets   1   2 gt  dev null           if     -z   ENCPASS REMOVE BKT LIST     then             for ENCPASS REMOVE B in  ENCPASS REMOVE BKT LIST  do                  ENCPASS BUCKET    basename   ENCPASS REMOVE B                    if     -z   2     then                       Removing secrets for a specified bucket                       Allow globbing                       shellcheck disable SC2027 SC2086                     ENCPASS REMOVE LIST    ls -1p   ENCPASS REMOVE B   2  enc  2 gt  dev null                        if   -z   ENCPASS REMOVE LIST     then                         echo  Error  No secrets found for  2 in bucket  ENCPASS BUCKET                           exit 1                     fi                      for ENCPASS REMOVE F in  ENCPASS REMOVE LIST  do                         ENCPASS SECRET   2                          encpass remove   ENCPASS REMOVE F                      done                 else                       Removing a specified bucket                     encpass remove                 fi              done         else             echo  Error  The bucket named  1 does not exist               exit 1         fi                show           shift         encpass checks         if   -z   1     then             ENCPASS SHOW DIR             else             ENCPASS SHOW DIR  1         fi          if     -z   2     then               Allow globbing               shellcheck disable SC2027 SC2086             if   -f    encpass get abs filename   ENCPASS HOME DIR secrets  ENCPASS SHOW DIR   2  enc       then                 encpass show secret   ENCPASS SHOW DIR    2              fi         else               Allow globbing               shellcheck disable SC2027 SC2086             ENCPASS SHOW LIST    ls -1d   ENCPASS HOME DIR secrets   ENCPASS SHOW DIR   2 gt  dev null                if   -z   ENCPASS SHOW LIST     then                 if     ENCPASS SHOW DIR           then                     echo  Error  No buckets exist                   else                     echo  Error  Bucket  1 does not exist                   fi                 exit 1             fi              for ENCPASS SHOW F in  ENCPASS SHOW LIST  do                 ENCPASS SHOW DIR    basename   ENCPASS SHOW F                    echo   ENCPASS SHOW DIR                   encpass show secret   ENCPASS SHOW DIR                  echo                 done         fi                ls list           shift         encpass checks         if     -z   1     then               Allow globbing               shellcheck disable SC2027 SC2086             ENCPASS FILE LIST    ls -1p   ENCPASS HOME DIR secrets   1   2 gt  dev null                if   -z   ENCPASS FILE LIST     then                   Allow globbing                   shellcheck disable SC2027 SC2086                 ENCPASS DIR EXISTS    ls -d   ENCPASS HOME DIR secrets   1   2 gt  dev null                   if     -z   ENCPASS DIR EXISTS     then                     echo  Bucket  1 is empty                   else                     echo  Error  Bucket  1 does not exist                   fi                 exit 1             fi              ENCPASS NL                for ENCPASS F in  ENCPASS FILE LIST  do                 if   -d    ENCPASS F        then                     printf   ENCPASS NL s n     basename   ENCPASS F                        ENCPASS NL   n                  else                     printf   s n     basename   ENCPASS F   enc                   fi             done         else               Allow globbing               shellcheck disable SC2027 SC2086             ENCPASS BUCKET LIST    ls -1p   ENCPASS HOME DIR secrets   1   2 gt  dev null               for ENCPASS C in  ENCPASS BUCKET LIST  do                 if   -d    ENCPASS C        then                     printf   n s    n  basename   ENCPASS C                    else                     basename   ENCPASS C   enc                 fi             done         fi                lock           shift         encpass checks          echo                             WARNING                               gt  amp 2         echo    You are about to lock your keys with a password                gt  amp 2         echo    You will not be able to use your secrets again until you       gt  amp 2         echo    unlock the keys with the same password  It is important        gt  amp 2         echo    that you securely store the password  so you can recall it     gt  amp 2         echo    in the future   If you forget your password you will no        gt  amp 2         echo    longer be able to access your secrets                          gt  amp 2         echo                             WARNING                               gt  amp 2          printf   n s n   About to lock keys held in directory  ENCPASS HOME DIR keys            printf   nEnter Password to lock keys    gt  amp 2         stty -echo         read -r ENCPASS KEY PASS         printf   nConfirm Password    gt  amp 2         read -r ENCPASS CKEY PASS         printf   n          stty echo          if   -z   ENCPASS KEY PASS     then             echo  Error  You must supply a password value               exit 1         fi          if     ENCPASS KEY PASS      ENCPASS CKEY PASS     then             ENCPASS NUM KEYS LOCKED 0             ENCPASS KEYS LIST    ls -1d   ENCPASS HOME DIR keys       2 gt  dev null               for ENCPASS KEY F in  ENCPASS KEYS LIST  do                  if   -d    ENCPASS KEY F        then                     ENCPASS KEY NAME    basename   ENCPASS KEY F                        ENCPASS KEY VALUE                        if   -f   ENCPASS KEY F private key     then                         ENCPASS KEY VALUE    cat   ENCPASS KEY F private key                            if     -f   ENCPASS KEY F private lock     then                         echo  Locking key  ENCPASS KEY NAME                             else                           echo  Error  The key  ENCPASS KEY NAME appears to have been previously locked                               echo         The current key file may hold a bad value  Exiting to avoid encrypting                              echo         a bad value and overwriting the lock file                               exit 1                         fi                     else                         echo  Error  Private key file   ENCPASS KEY F private key missing for bucket  ENCPASS KEY NAME                           exit 1                     fi                     if     -z   ENCPASS KEY VALUE     then                         openssl enc -aes-256-cbc -pbkdf2 -iter 10000 -salt -in   ENCPASS KEY F private key  -out   ENCPASS KEY F private lock  -k   ENCPASS KEY PASS                          if   -f   ENCPASS KEY F private key     amp  amp    -f   ENCPASS KEY F private lock     then                               Both the key and lock file exist   We can remove the key file now                             rm -f   ENCPASS KEY F private key                              echo  Locked key  ENCPASS KEY NAME                               ENCPASS NUM KEYS LOCKED     ENCPASS NUM KEYS LOCKED   1                            else                             echo  Error  The key fle and or lock file were not found as expected for key  ENCPASS KEY NAME                           fi                     else                         echo  Error  No key value found for the  ENCPASS KEY NAME key                           exit 1                     fi                 fi             done             echo  Locked  ENCPASS NUM KEYS LOCKED keys           else             echo  Error  Passwords do not match           fi                unlock           shift         encpass checks          printf   s n   About to unlock keys held in the  ENCPASS HOME DIR keys  directory            printf   nEnter Password to unlock keys     gt  amp 2         stty -echo         read -r ENCPASS KEY PASS         printf   n          stty echo          if     -z   ENCPASS KEY PASS     then             ENCPASS NUM KEYS UNLOCKED 0             ENCPASS KEYS LIST    ls -1d   ENCPASS HOME DIR keys       2 gt  dev null               for ENCPASS KEY F in  ENCPASS KEYS LIST  do                  if   -d    ENCPASS KEY F        then                     ENCPASS KEY NAME    basename   ENCPASS KEY F                        echo  Unlocking key  ENCPASS KEY NAME                         if   -f   ENCPASS KEY F private key     amp  amp      -f   ENCPASS KEY F private lock     then                         echo  Error  Key  ENCPASS KEY NAME appears to be unlocked already                           exit 1                     fi                      if   -f   ENCPASS KEY F private lock     then                           Remove the failed file in case previous decryption attempts were unsuccessful                         rm -f   ENCPASS KEY F failed  2 gt  dev null                            Decrypt key  Log any failure to the  failed  file                          openssl enc -aes-256-cbc -d -pbkdf2 -iter 10000 -salt                               -in   ENCPASS KEY F private lock  -out   ENCPASS KEY F private key                                -k   ENCPASS KEY PASS  2 gt  amp 1   encpass save err   ENCPASS KEY F failed                           if     -f   ENCPASS KEY F failed     then                               No failure has occurred                            if   -f   ENCPASS KEY F private key     amp  amp    -f   ENCPASS KEY F private lock     then                                 Both the key and lock file exist   We can remove the lock file now                                rm -f   ENCPASS KEY F private lock                                echo  Unlocked key  ENCPASS KEY NAME                                 ENCPASS NUM KEYS UNLOCKED     ENCPASS NUM KEYS UNLOCKED   1                              else                               echo  Error  The key file and or lock file were not found as expected for key  ENCPASS KEY NAME                             fi                         else                           printf  Error  Failed to unlock key  s  n    ENCPASS KEY NAME                              printf         Please view  sfailed for details  n    ENCPASS KEY F                          fi                     else                         echo  Error  No lock file found for the  ENCPASS KEY NAME key                       fi                 fi             done             echo  Unlocked  ENCPASS NUM KEYS UNLOCKED keys           else             echo  No password entered           fi                dir           shift         encpass checks         echo  ENCPASS HOME DIR  ENCPASS HOME DIR                 help --help usage --usage              encpass checks         encpass help                            if     -z   1     then             echo  Command not recognized  See   encpass sh help   for a list commands               exit 1         fi            esac

User · Answer

You can also prompt for a password without setting a variable in the current shell by doing something like this     read -s echo  REPLY    For instance   my-command --set password   read -sp  Password    echo  REPLY    You can add several of these prompted values with line break  doing this   my-command --set user   read -sp   echo    n   User    echo  REPLY  --set password   read -sp   echo    n   Password    echo  REPLY

User · Answer

Turn echo off using stty  then back on again after

User · Answer

A POSIX compliant answer  Notice the use of  bin sh instead of  bin bash   It does work with bash  but it does not require bash       bin sh stty -echo printf  Password    read PASSWORD stty echo printf   n

User · Answer

The -s option of read is not defined in the POSIX standard  See http   pubs opengroup org onlinepubs 9699919799 utilities read html  I wanted something that would work for any POSIX shell  so I wrote a little function that uses stty to disable echo      bin sh    Read secret string read secret           Disable echo      stty -echo        Set up trap to ensure echo is enabled before exiting if the script       is terminated while echo is disabled      trap  stty echo  EXIT        Read secret      read             Enable echo      stty echo     trap - EXIT        Print a newline because the newline entered by the user after       entering the passcode is not echoed  This ensures that the       next line of output begins at a new line      echo     This function behaves quite similar to the read command  Here is a simple usage of read followed by similar usage of read secret  The input to read secret appears empty because it was not echoed to the terminal    susam cube     read a b c foo  bar baz  qux  susam cube     echo a  a b  b c  c a foo b bar c baz qux  susam cube     unset a b c  susam cube     read secret a b c   susam cube     echo a  a b  b c  c a foo b bar c baz qux  susam cube     unset a b c   Here is another that uses the -r option to preserve the backslashes in the input  This works because the read secret function defined above passes all arguments it receives to the read command    susam cube     read -r a b c foo  bar baz  qux  susam cube     echo a  a b  b c  c a foo b  bar c baz  qux  susam cube     unset a b c  susam cube     read secret -r a b c   susam cube     echo a  a b  b c  c a foo b  bar c baz  qux  susam cube     unset a b c   Finally  here is an example that shows how to use the read secret function to read a password in a POSIX compliant manner   printf  Password    read secret password   Do something with  password here

User · Answer

First of all  if anyone is going to store any password in a file  I would make sure it s hashed  It s not the best security  but at least it will not be in plain text    First  create the password and hash it   echo  password123    md5sum    cut -d  -  -f 1  gt   tmp secret  Now  create your program to use the hash  In this case  this little program receives user input for a password without echoing  and then converts it to hash to be compared with the stored hash  If it matches the stored hash  then access is granted      bin bash  PASSWORD FILE   tmp secret  MD5 HASH   cat  tmp secret  PASSWORD WRONG 1   while    PASSWORD WRONG -eq 1    do     echo  Enter your password       read -s ENTERED PASSWORD     if     MD5 HASH        echo  ENTERED PASSWORD   md5sum   cut -d  -  -f 1      then         echo  Access Deniend  Incorrenct password   Try again      else         echo  Access Granted          PASSWORD WRONG 0     fi done

User · Answer

I found to be the the askpass command useful  password    lib cryptsetup askpass  Give a password     Every input character is replaced by    See   Give a password

User · Answer

This link is help in defining    How to read password from use without echo-ing it back to terminal   How to replace each character with   -character   https   www tutorialkart com bash-shell-scripting bash-read-username-and-password

[bash] How to get a password from a shell script without echoing

Examples related to bash

Examples related to shell

Examples related to scripting

Examples related to sh