You don't generally want API keys accidentally recorded into someone's bash hist...

zahlman · 2025-07-17T00:47:35 1752713255

What exactly is your threat model, where the attacker can read ~/.bash_history but can't execute (or capture output from) /usr/bin/env?

shakna · 2025-07-17T07:07:39 1752736059

CI and other build systems. Where tokens have been stolen in the past, by users not caring, and a VM not being properly cleaned.

fc417fc802 · 2025-07-18T05:02:06 1752814926

The threat model is that history is persistent while the environment isn't. That said, whenever possible you should handle secrets using file descriptors as opposed to environment variables.

ftigis · 2025-07-17T04:58:27 1752728307

How about not accidentally showing tokens and credentials when live screen sharing?

pastage · 2025-07-17T02:09:54 1752718194

You do NOT save passwords in shell history, it is insanely insecure. Lets begin with the passwords being readable by everything that can list tasks.

You can protect passwords in a password manager. You do not need to keep the passwords in env and I do not.

zahlman · 2025-07-17T02:12:20 1752718340

> Lets begin with the passwords being readable by everything that can list tasks.

Why are processes running that can do this, that I don't already fully trust?

> You can protect passwords in a password manager.

What's your plan for supplying the password to the program, given that people will want to automate use of the program?

dapperdrake · 2025-07-17T03:36:19 1752723379

Threat model: shell scripts