curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: How to stop bearer tokens leaking

From: Patrick Monnerat via curl-library <>
Date: Fri, 5 Nov 2021 14:44:51 +0100

On 11/5/21 10:43, Stephen Booth via curl-library wrote:
> If I use basic-auth the curl binary hides the credentials passed on
> the command line from being seen using ps -1
> Whats the best way of protecting bearer tokens in the same way?
> AFAIK the only way of setting a bearer token is to use the generic -H
> flag

You should use the --oauth2-bearer option. Unfortunately it does not
(yet) obfuscate its argument. A PR for it is pending:


Received on 2021-11-05