Make password arguments optional, fall back to prompting via stdin
michaelklishin opened this issue · 0 comments
This is an abbreviated, more specific version of #364 originally filed by @KimBrodowski.
Some environments interactively set up users using `rabbitmqctl add_user` and related commands but provide no way to hide the value from other users who have access to the same process list.
There are some alternatives available:
- Definition import
- Using HTTP API and precomputed password hashes
- Authentication using X.509 certificates
They all can be considered more complex for various reasons.
Making passwords optional for the few commands that accept them and reading values from standard input would make passing sensitive plain text values less prone to process list eavesdropping. It can be supplemented by a `--non-interactive` switch that would fail argument validation instead of falling back to reading from stdin.
Some examples:
```shell
# works the same way it does today
rabbitmqctl add_user "username$1" "secret"
# ditto
rabbitmqctl add_user "username$1" "secret" --interactive
# prompts for password via stdin, --interactive is enabled by default
rabbitmqctl add_user "username$1" --interactive
# fails because of the missing password
rabbitmqctl add_user "username$1" --non-interactive
```
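
The exposure this issue describes can be checked locally. The script below is an added example, not part of the original issue or of RabbitMQ: it compares what the process list shows when a password is passed as an argument and when it is written to stdin. It assumes Linux `/proc` (with `ps` as a fallback); `sh -c` is a stand-in for a password-accepting CLI, and the function names and the secret are constructed.

```shell
#!/bin/sh
# Constructed demo. 'sh -c ...' is a stand-in for any CLI that accepts a
# password; it is not rabbitmqctl. The secret value is made up.

# Print the command line of PID $1 as any local user can read it.
cmdline_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1" 2>/dev/null
    fi
}

# Succeed if string $2 appears in the command line of PID $1.
visible_in_process_list() {
    cmdline_of "$1" | grep -qF -- "$2"
}

# Password passed as an argument: succeeds if the process list exposes it.
leaks_via_argv() {
    sh -c 'sleep 3; :' stand-in add_user demo "$1" >/dev/null 2>&1 &
    pid=$!
    sleep 1   # give the child time to exec before inspecting it
    visible_in_process_list "$pid" "$1"; rc=$?
    kill "$pid" 2>/dev/null || true
    return "$rc"
}

# Password written to the child's stdin: succeeds if the process list exposes it.
# printf is a shell builtin here, so the secret never lands in an exec'd argv.
leaks_via_stdin() {
    printf '%s\n' "$1" |
        sh -c 'read -r pw; sleep 3; :' stand-in add_user demo >/dev/null 2>&1 &
    pid=$!
    sleep 1
    visible_in_process_list "$pid" "$1"; rc=$?
    kill "$pid" 2>/dev/null || true
    return "$rc"
}

secret='constructed-s3cret'
leaks_via_argv "$secret" && echo "argument: password visible in process list"
leaks_via_stdin "$secret" || echo "stdin: password not visible in process list"
```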