Add --passwd to support piping password via stdin #13
Conversation
|
@Chouser and I discussed this a bit and came to the conclusion that coupling |
|
Updated pull request with @abrooks's suggestion |
|
Since I've been picking up several PRs, and since @abrooks asked, let's talk about this one. Can you give me a bit more detail on the use case? In general I'm wary of programmatically accepting a password because that means the user has to have the password stored somewhere. While there are users like yourselves who will store those in a password manager and pull them out programmatically, I can also see folks doing things like Also, while testing this out, I've noticed that it will fail if you have more than one device configured on your 2FA account. This is because In talking to @gcochard about this, he suggested we might talk about implementing some kind of credential helper instead, where the user could specify a command-line program to be run which would spit the password to its stdout, and could then be collected by |
|
My PR 24 should solve the device prompting problem. And my two cents: There are lots of ways people can do stupid things with passwords. Accepting the password via stdin may let someone do something stupid, but will make things more secure for those of us who can pipe the password from a password manager. As it is, I'm constantly having to copy/paste the thing from my |
This adds a new command-line flag --passwd that can be set to either "getpass" (current behavior and still default) or "stdin". Specifying "stdin" takes the password straight from stdin without prompting or requiring a tty, and causes prevents any other interactive prompts from happening.
The purpose of this is to allow scripted use of alohomora, where the password is collected from some other programmatic source, such as lpass-cli or similar.