Lately, I’ve been messing around with making small CLI apps quite a bit. I use it to perform various backend tasks on a couple of cloud-hosted APIs, which has turned out to be a really nice way of automating backend tasks while not needing to build any kind of graphical UI for them.
The other day I wanted to be able to manage user accounts from the command line as well, which required me to input a password to the CLI app somehow – but how to do that without passing the password on the command line?
If I had to do it like this, I would make the password part of that particular console window’s history:
C:\> whatever createuser -user [email protected] -password nooneMustSeeThis!!
which would pose a general security risk. An obvious way to fix that, is to have the CLI app prompt the user for the password, allowing me to enter the password at runtime:
C:\> whatever createuser -user [email protected] Creating user [email protected]' Please enter password: nooneMustSeeThis!! ...
While this is better than accepting it directly as a parameter, it is still not totally acceptable, because the password will be perfectly visible in the console window’s buffer history.
Usually, when prompting the user for a password, we let UIs output little asterisks as a placeholder for each character – and that is of course what we should do 🙂
And that is what I made a small (the smallest one I have made to this date) NuGet package called “Shtern”, which contains one single static method:
With Sthern, the password input scenario would look like this:
C:\> whatever createuser -user [email protected] Creating user [email protected]' Please enter password: ******************* ...
while of course delivering the password string to the application. And that was exactly what we needed 🙂