How to securely get a password from a user in a POSIX Compliant Shell Script.
There is 2 ways to create a function to securely get password in a shell script.
- 1. ksh93 and bash compliant:
read -rsp "contextual message" variable
- 2. POSIX Compliant:
printf %s "contextual message"; stty -echo; read passwd; stty echo; printf %s "$password"
1. Here is an example of function ksh93 and bash compliant
### Simple function to securely get a password from a user
f_get_password () #$1="Message to show to user before capturing password"
{
# Print a meaningful message to the user
## We send our contextual message to stderr so it won't pollute our variable
## receiving the output of this function.
printf "$1" >&2
# Capture the password without displaying it on the screen
read -rsp "$1" passwd
# Return the password to the function caller
printf %s "$passwd"
# Return the prompt on its own line
printf "\n" >&2
}
Example of usage:
password=$(f_get_password "Enter your password") && echo "The password is: $password"
Output:
Enter your password The password is: mypassword
2. Here is an example of function POSIX Compliant
### Simple function to securely get a password from a user
f_get_password () #$1="Message to show to user before capturing password"
{
#Display a meaningful message to the user
## We send our contextual message to stderr so it won't pollute our variable
## receiving the output of this function.
printf "$1" >&2
# Disable echo.
stty -echo
# Set up trap to ensure echo is enabled before exiting if the script is terminated while echo is disabled.
trap 'stty echo' EXIT
# Capture the password without displaying it on the screen
read passwd
# Return the password to the function caller
printf %s "$passwd"
# Enable echo.
stty echo
trap - EXIT
printf "\n" >&2
}
Example of usage:
password=$(f_get_password "Enter your password") && echo "The password is: $password"
Output:
Enter your password The password is: mypassword