best practice for shell scripting

Amir Yalon quoiceehoh-20180826 at
Tue Jan 26 10:05:35 UTC 2021

On Tue, 26 Jan 2021, at 11:15, Frank Grüllich wrote:
> Injecting it via env var is *slightly* more secure.

If you can switch from using a password to using a bearer token, then the slightly even more secure option is

    rclone sync --webdav-bearer-token-command "pass show path/to/webdav/token" …

People who don’t use password managers still make the distinction between a memorisable “password” and a random string “token”, and design a different interface for each of them. 🤷

More information about the Password-Store mailing list