Lately, I’ve been messing around with making small CLI apps quite a bit. I use them to perform various backend tasks on a couple of cloud-hosted APIs, which has turned out to be a really nice way of automating backend tasks while not needing to build any kind of graphical UI for them.
The other day I wanted to be able to manage user accounts from the command line as well, which required me to input a password to the CLI app somehow – but how to do that without passing the password on the command line?
If I had to do it like this, I would make the password part of that particular console window’s history:
C:\> whatever createuser -user [email protected] -password nooneMustSeeThis!!
which would pose a general security risk. An obvious way to fix that is to have the CLI app prompt the user for the password, allowing me to enter the password at runtime:
C:\> whatever createuser -user [email protected]
Creating user '[email protected]'
Please enter password: nooneMustSeeThis!!
...
While this is better than accepting it directly as a parameter, it is still not totally acceptable, because the password will be perfectly visible in the console window’s buffer history.
Usually, when prompting the user for a password, we let UIs output little asterisks as a placeholder for each character – and that is of course what we should do 🙂
And that is why I made a small (the smallest one I have made to this date) NuGet package called “Shtern”, which contains one single static method: Password.ReadLine().
With Sthern, the password input scenario would look like this:
C:\> whatever createuser -user [email protected]
Creating user '[email protected]'
Please enter password: *******************
...
while of course delivering the password string to the application. And that was exactly what we needed 🙂
As usual, the code is on GitHub and the package is on NuGet.org.
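The masked prompt described above can be built on `Console.ReadKey(intercept: true)`, which reads a key without echoing it. The following is an added example, not the package's own code; the names `MaskedInput` and `ReadPassword` are hypothetical.

```csharp
using System;
using System.Text;

// Illustrative sketch only: MaskedInput and ReadPassword are hypothetical names,
// not the API of the package described above.
public static class MaskedInput
{
    public static string ReadPassword(string prompt, char mask = '*')
    {
        Console.Write(prompt);
        // ReadKey needs an interactive console; when stdin is piped there is
        // no echo to suppress, so fall back to a plain line read.
        if (Console.IsInputRedirected)
            return Console.ReadLine() ?? string.Empty;

        var buffer = new StringBuilder();
        while (true)
        {
            // intercept: true stops the console from echoing the typed key.
            ConsoleKeyInfo key = Console.ReadKey(intercept: true);
            if (key.Key == ConsoleKey.Enter)
            {
                Console.WriteLine();
                return buffer.ToString();
            }
            if (key.Key == ConsoleKey.Backspace)
            {
                if (buffer.Length > 0)
                {
                    buffer.Length--;        // drop the last typed character
                    Console.Write("\b \b"); // erase its mask on screen
                }
                continue;
            }
            // Ignore arrows, function keys and other non-printable input.
            if (key.KeyChar == '\0' || char.IsControl(key.KeyChar))
                continue;
            buffer.Append(key.KeyChar);
            Console.Write(mask);
        }
    }

    public static void Main()
    {
        string password = ReadPassword("Please enter password: ");
        Console.WriteLine($"Received {password.Length} characters.");
    }
}
```

Masking keeps the password out of the console buffer and scrollback only; the returned `string` is immutable and stays in process memory until it is garbage collected.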