[Borgbackup] Providing passphrase on the command line (Terminal)

Marian Beermann public at enkore.de
Mon Jan 29 04:32:47 EST 2018


On 29.01.2018 06:36, Sitaram Chamarty wrote:
> On Mon, Jan 29, 2018 at 06:12:58AM +0100, azarus wrote:
>>
>>
>> On 29 January 2018 03:51:06 CET, Howard Mann <howardm at xmission.com> wrote:
>>> Hi,
>>>
>>> I’m a new (non-techie) Borg user. I’ve successfully created a
>>> repository — with passphrase-associated encryption. I use Mac OS.
>>>
>>> For each individual command I now issue in Terminal, such as “borg
>>> list…” I have to enter the requested passphrase.
>>>
>>> Is there a way I can avoid (or minimize) this requirement?
>>>
>>> I know about the use of “export
>>> BORG_PASSPHRASE=‘superawesomepassphrase’” in a script, which I’ve
>>> created and used successfully.
>>
>> What you've just mentioned can be used inside a script or outside a script and is called an 'environment variable'.
>>
>> Borg regards that environment variable either way, so I'd just export it before listing the repos.
> 
> I'm also using that environment variable, but that is not ideal.
> On multi user systems where /proc is mounted by default, it can
> reveal the passphrase to a "ps" command.

Process environments are private. "export FOO=bar" can't be observed by
ps, because "export" can't be a command, but must always be a shell
built-in.

Even if you do "FOO=bar some_command", the "FOO=bar" part is interpreted
by the shell and won't show up in ps.

-Marian
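
The distinction discussed in this thread, as an added example that is not part of the original messages: a secret set in a child's environment does not appear in that process's command line, while the same secret passed as an argument does. `SECRET` and the function names are constructed for illustration; the script reads `/proc/<pid>/cmdline` where it exists and falls back to `ps` otherwise.

```shell
#!/bin/sh
# Added example: where a secret is visible when passed by environment vs. by argument.
# SECRET is a constructed placeholder, not a real passphrase.
SECRET='constructed-example-passphrase'

# Print the command line of process $1 as the process table reports it.
cmdline_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"      # Linux: NUL-separated argv
    else
        ps -o args= -p "$1"                   # fallback where /proc is absent
    fi
}

# Report whether SECRET appears in the command line of process $1.
report() {
    case "$(cmdline_of "$1")" in
        *"$SECRET"*) echo exposed ;;
        *)           echo hidden ;;
    esac
}

# Secret set in the child's environment, the way BORG_PASSPHRASE is used.
check_env() {
    BORG_PASSPHRASE="$SECRET" sleep 3 >/dev/null 2>&1 &
    pid=$!
    sleep 1                 # let the child exec before inspecting it
    report "$pid"
    kill "$pid" 2>/dev/null || true
}

# Same secret passed as a command-line argument to a child process.
check_arg() {
    sh -c 'sleep 3; :' worker "$SECRET" >/dev/null 2>&1 &
    pid=$!
    sleep 1
    report "$pid"
    kill "$pid" 2>/dev/null || true
}

echo "environment variable: $(check_env)"
echo "command-line argument: $(check_arg)"
```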

