Crates.io | passarg |
lib.rs | passarg |
version | 0.2.1 |
source | src |
created_at | 2024-09-25 01:08:34.822019 |
updated_at | 2024-10-02 19:36:53.720142 |
description | Implements OpenSSL-style password/passphrase argument handling. |
homepage | |
repository | https://github.com/astralblue/rust-passarg |
max_upload_size | |
id | 1385870 |
size | 17,458 |
The `passarg ("password argument") module implements OpenSSL-style password/passphrase argument handling.
use clap::Parser;
#[derive(Parser)]
struct Cli {
#[arg(long, value_name = "SPEC", default_value = "env:MY_PASS_IN")]
pass_in: String,
#[arg(long, value_name = "SPEC", default_value = "env:MY_PASS_OUT")]
pass_out: String,
}
fn main() -> Result<(), passarg::Error> {
let cli = Cli::parse();
let mut r = passarg::Reader::new();
let pass_in = r.read_pass_arg(&cli.pass_in)?;
let pass_out = r.read_pass_arg(&cli.pass_out)?;
// ...
Ok(())
}
The program above then by default reads the input/output passphrases
from the environment variables ${MY_PASS_IN}
and ${MY_PASS_OUT}
;
if run with --pass-in file:dec-pass.txt --pass-out stdin
,
then it reads the input/output passphrases
from the file dec-pass.txt
and the standard input respectively.
passarg supports the following OpenSSL-compatible arguments (openssl-passphrase-options(1)):
pass:password
The actual password is password. Since the password is visible to utilities (like 'ps' under Unix) this form should only be used where security is not important.
env:var
Obtain the password from the environment variable var. Since the environment of other processes is visible on certain platforms (e.g. ps under certain Unix OSes) this option should be used with caution.
file:pathname
Reads the password from the specified file pathname, which can be a regular file, device, or named pipe. Only the first line, up to the newline character, is read from the stream.
If the same pathname argument is supplied to both -passin and -passout arguments, the first line will be used for the input password, and the next line will be used for the output password.
fd:number
Reads the password from the file descriptor number. This can be useful for sending data via a pipe, for example. The same line handling as described for file: applies to passwords read from file descriptors.
fd: is not supported on Windows.
stdin
Reads the password from standard input. The same line handling as described for file: applies to passwords read from standard input.
passarg also supports the following non-OpenSSL extensions:
prompt[:text]
Prompts the password using rpassword::prompt_password()
.
If text is given, it is used as the prompt.
Otherwise, Password:
is used.
As explained in Passphrase Argument Syntax above, multiple passphrase arguments can share the same file-like source, with each source reading one line from the source.
The order of calls to Reader::read_pass_arg()
matters, and should be documented.
For example, the Quickstart example above
reads --pass-in
first then --pass-out
,
implementing the same input-password-first ordering as with OpenSSL.