Skip to content

Prevent password leakage via curl process information #496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rrobgill wants to merge 1 commit into
base: development
Choose a base branch
from
Open

Prevent password leakage via curl process information #496

rrobgill wants to merge 1 commit into from
+7 −1

Conversation

@rrobgill
Copy link
Contributor

@rrobgill rrobgill commented Jan 15, 2026

What does this PR aim to accomplish?:

Prevent leakage of password via process information of curl command.

At the moment, even if the password is entered manually at startup
image

The password is visible in the process list when it is sent via the curl command
eg, as viewed in htop
Before:
image

How does this PR accomplish the above?:

Makes use of a heredoc to provide the json containing the password (and totp) to the curl command.

After:
image

Link documentation PRs if any are needed to support this PR:

N/A

By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code and I have tested my changes.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)
  6. I have checked that another pull request for this purpose does not exist.
  7. I have considered, and confirmed that this submission will be valuable to others.
  8. I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  9. I give this submission freely, and claim no ownership to its content.
  • I have read the above and my PR is ready for review. Check this box to confirm

@rrobgill
Prevent password leakage via curl process information
6337a07 
Use a heredoc to pass the password (and totp) to curl so they don't
appear in process list.

Signed-off-by: Rob Gill <rrobgill@protonmail.com>
@rrobgill rrobgill requested a review from a team as a code owner January 15, 2026 06:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rrobgill