We are about to start using curl to automate task execution and I have that all working with no issues. The only part I really do not like is that the process running the curl command requires that the password is there “in plain text”.
I am wondering if anyone has worked around this somehow and would be willing to share their suggestions.
Thanks
Martin
Have you tried whats suggested here?
Sounds like using a file is the preferred way
are you trying to prevent the password from showing up in the client logs, or are you just not wanting to pass CURL the password in plain text at all on the command line, even if it doesn’t show up anywhere?
I use curl with secure parameters and passwords in many examples I have that use the REST API on BigFix.Me
Writing the passwords to a file, then deleting the file is a next best option, but then you have the password written to disk, which seems like a step forward and a step backward.
I have thought of using a config file with multiple passwords in it that is decrypted using a single secure parameter as a way to handle multiple creds without the need for multiple secure parameters. Ideally the creds would be encrypted on disk and only decrypted temporarily into memory, used, and then discarded.