Command line API: How to not expose passwords?

I’m scripting Virtualmin GPL using the command line API and ran into a security-related issue.

In order to use commands such as create-domain, modify-domain etc., I have to supply passwords on the command line, i.e. virtualmin --pass password.

But …

Such passwords are transiently available if some other normal shell user happens to run ‘ps -ef’ at the same time.

So, any thoughts on how I can work around this?

Is there an equivalent of mysql’s -p parameter which accepts passwords via stdin?

Howdy,

That’s a good question, and while I’m not aware of a way to do that now – I bet Jamie would be happy to either steer you in the right direction, or code up a solution if there isn’t one.

What I’d recommend is filing a request using the Support link above, saying exactly what you did in your post here, and Jamie will work with you to come up with a good solution.

-Eric

Filed a support issue at:

https://www.virtualmin.com/node/12275

Thank you.
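
An added example, not part of the thread and not Virtualmin code: an audit script an administrator can run to find commands that carry a password on argv, the exposure described in the first post. It reads the NUL-separated /proc/<pid>/cmdline data that ps displays and redacts the value; --password and the --flag=value spelling are assumed variants, and the sample command line is constructed.

```shell
#!/bin/sh
# Audit for secrets passed as command-line arguments (added example).
# --pass is the flag named in the post; --password and the --flag=value
# spelling are assumed variants included for generality.

# scan_cmdline FILE
#   FILE is a NUL-separated argv, the layout of /proc/<pid>/cmdline.
#   Prints the command line with secret values redacted.
#   Exit status 0 = a secret-bearing flag was present, 1 = clean.
#   Limitation: an argument containing a newline is split in two.
scan_cmdline() (
    out='' redact_next=0 found=1
    args=$(tr '\0' '\n' < "$1" 2>/dev/null)
    while IFS= read -r arg; do
        if [ "$redact_next" -eq 1 ]; then
            arg='[REDACTED]'; redact_next=0
        else
            case $arg in
                --pass=*|--password=*) arg="${arg%%=*}=[REDACTED]"; found=0 ;;
                --pass|--password)     redact_next=1; found=0 ;;
            esac
        fi
        out="${out:+$out }$arg"
    done <<EOF
$args
EOF
    printf '%s\n' "$out"
    exit "$found"
)

# audit_proc: report every visible process that carries a secret on argv.
# Prints "pid N: <redacted command>"; returns 0 only if none were found.
audit_proc() (
    hits=0
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        if line=$(scan_cmdline "$f"); then
            pid=${f#/proc/}; pid=${pid%/cmdline}
            printf 'pid %s: %s\n' "$pid" "$line"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ]
)

# Constructed sample: the argv such a call would leave in /proc.
sample=$(mktemp)
printf 'virtualmin\0create-domain\0--domain\0example.com\0--pass\0S3cret\0' > "$sample"
scan_cmdline "$sample"
rm -f "$sample"
```

Running audit_proc as an unprivileged user shows what any other shell account on the host can see; on Linux, mounting /proc with the hidepid option limits that view to a user's own processes.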