> On May 15, 2017, at 8:20 AM, Kamil Dudka via curl-users - curl-users_at_cool.haxx.se <> wrote:
>
> On Monday, May 15, 2017 13:55:29 Nick Chambers wrote:
>> On 5/15/17, 8:03 AM, "curl-users on behalf of Daniel Stenberg"
>>
>> <curl-users-bounces_at_cool.haxx.se on behalf of daniel_at_haxx.se> wrote:
>>> On Mon, 15 May 2017, Timothe Litt wrote:
>>>> Suggestion: add a way to specify -H from a file, perhaps -H @filespec
>>>>
>>>> as is
>>>>
>>>> provided for -d & friends?
>>>
>>> I like this idea!
>>
>> In the meantime, you can do something like `curl -H "$(cat
>> .secret_auth_token)" ...` or something like that. It's not a cURL
>> solution, but provides a workaround until your idea can be implemented.
>
> I am afraid this is not going to help because command substitution gets
> evaluated before executing curl. Consequently, the secret can still be
> seen in the output of 'ps' as long as curl is running.
>
> Kamil

You can use ‘expect’ to provide passwords “interactively” in batch scripts.
Your expect-script would read from the file. (You should at least limit
accessibility of that file.) You could then provide the user-name on the curl
command-line, and provide the password from your script, or don’t provide
command-line user, and provide both user and password from your script.

Jeff

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-05-15