best practice for shell scripting

Amir Yalon quoiceehoh-20180826 at yxejamir.net
Tue Jan 26 10:05:35 UTC 2021


On Tue, 26 Jan 2021, at 11:15, Frank Grüllich wrote:
> Injecting it via env var is *slightly* more secure.

If you can switch from using a password to using a bearer token, then the slightly even more secure option is https://rclone.org/webdav/#webdav-bearer-token-command:

    rclone sync --webdav-bearer-token-command "pass show path/to/webdav/token" …

People who don’t use password managers still make the distinction between a memorisable “password” and a random string “token”, and design a different interface for each of them. 🤷


More information about the Password-Store mailing list