
Re: How to stop bearer tokens leaking

From: Stephen Booth via curl-library
Date: Fri, 5 Nov 2021 15:40:03 +0000

On 05/11/2021 13:44, Patrick Monnerat via curl-library wrote:
> On 11/5/21 10:43, Stephen Booth via curl-library wrote:
>> If I use basic-auth the curl binary hides the credentials passed on
>> the command line from being seen using ps -1
>> What's the best way of protecting bearer tokens in the same way?
>> AFAIK the only way of setting a bearer token is to use the generic -H
>> flag
> You should use the --oauth2-bearer option. Unfortunately it does not
> (yet) obfuscate its argument. A PR for it is pending:
> Patrick

Thank you Patrick. I think that would be a big improvement
especially for interactive use where people don't have time to set up
config files etc.

I missed the --oauth-bearer option because I checked the flags on an old
box with an old curl version :-)

|epcc| Dr Stephen P Booth Principal Architect |epcc|
|epcc| Phone 0131 650 5746 |epcc|
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
Received on 2021-11-05
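
An added example, not part of the original message or of curl itself: on a curl version where no option hides the token, the Authorization header can be passed in a config read from stdin (`-K -`), so it never appears in the argument list that ps shows. The names `BEARER_TOKEN`, `bearer_config` and `curl_with_bearer` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: keep a bearer token out of curl's argv by sending the
# Authorization header through a config read from stdin (-K -).
# BEARER_TOKEN, bearer_config and curl_with_bearer are names chosen here.

# Print one curl config line carrying the token. Anything outside the
# RFC 6750 b64token alphabet is rejected, so the value cannot close the
# quotes or smuggle extra config lines into curl.
bearer_config() {
    token=$1
    case $token in
        ''|*[!A-Za-z0-9._~+/=-]*)
            echo "bearer_config: token is empty or has unexpected characters" >&2
            return 1 ;;
    esac
    printf 'header = "Authorization: Bearer %s"\n' "$token"
}

# Run curl with the token taken from the BEARER_TOKEN shell variable.
# printf is a shell builtin, so no process is started with the token in
# its arguments; curl itself only sees "-K -" plus the caller's options.
curl_with_bearer() {
    cfg=$(bearer_config "${BEARER_TOKEN-}") || return 1
    printf '%s\n' "$cfg" | curl -K - "$@"
}

# Usage (token read without echo, then used for one request):
#   stty -echo; read -r BEARER_TOKEN; stty echo
#   curl_with_bearer -sS https://api.example.invalid/v1/items
```
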