Enable getting password from stdin #86
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -152,6 +152,27 @@ be able to use this via Docker; the Docker container will not be able to | |
| access any devices connected to the host ports. You will likely see the | ||
| following error during runtime: "RuntimeWarning: U2F Device Not Found". | ||
|
|
||
| Feeding password from stdin | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| To enhance usability when using third party tools for managing passwords (aka password manager) you can feed data in | ||
| ``aws-google-auth`` from ``stdin``. | ||
|
|
||
| When receiving data from ``stdin`` ``aws-google-auth`` disables the interactive prompt and uses ``stdin`` data. | ||
|
|
||
| All interactive prompt could be feeded from ``stdin``, but before `#82 <https://github.com/cevoaustralia/aws-google-auth/issues/82>`_ | ||
| was not possible to feed the ``Google Password:`` prompt. | ||
|
|
||
| Example usage: | ||
| :: | ||
| $ password-manager show password | aws-google-auth | ||
|
There was a problem hiding this comment. I'm not aware of what There was a problem hiding this comment. Not a particular tool per se, I was meaning "whatever cli tool you are using as password manager". I would prefer not tying the example to a specific password manager, as any cli tool that can output a password on stdout would be good. Do you think There was a problem hiding this comment. I think something like There was a problem hiding this comment.
@mide that is what I'd like to avoid. To expert users, I expect reading from stdin is a consolidated concept, as is password leaks to shell history. I'd like to avoid a sample command that's a sort of "shooting yourself in the foot" for newcomers or people not so fond on avoiding common pitfalls when using the shell. Anyway I'm ok whit that solution as is surely clear and explicit, if someone else approves. There was a problem hiding this comment. I agree 100% regarding avoiding "shoot yourself in the foot" examples, but at some point, that isn't our job. I've gone back and forth on this issue quite a bit, and I'm okay either way it lands. I think there is value in clarity, but there is also value in preventing silly mistakes. I'm fine using a placeholder for a password manager like you've done. I can go either way. There was a problem hiding this comment. I stand down on my feedback. Let's leave as is. |
||
| Google Password: MFA token: | ||
| Assuming arn:aws:iam::123456789012:role/admin | ||
| Credentials Expiration: ... | ||
|
|
||
| **Note:** this feature is intended for password manager integration, not for passing passwords from command line. | ||
| Please use interactive prompt if you need to pass the password manually, as this provide enhanced security avoid | ||
| password leakage to shell history. | ||
|
|
||
| Storage of profile credentials | ||
| ------------------------------ | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
feeded --> fed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😅 ops! Fixed!