Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Finding a way to not have the tezos-client secret key recorded in shell history as a part of the key import process #244

Open
alexzbusko opened this issue Sep 6, 2022 · 0 comments
Open

Finding a way to not have the tezos-client secret key recorded in shell history as a part of the key import process #244

alexzbusko opened this issue Sep 6, 2022 · 0 comments

Comments

@alexzbusko
Copy link

As part of the key import process we have to put the client secret key into a command for importing. This poses a security risk since the history file will keep this information for likely either the next 500 or 1000 commands.

There are some options we have that we can provide users to get this information off of their system:

  1. Have the command prefixed with a space character. This depends on the HISTCONTROL environment variable. If it is set to ignoreboth it will not include the command in the history
  2. If the command history -d $(history 1) is added onto the end of a command it will remove the command from the history (reference: https://www.tecmint.com/run-linux-command-without-saving-in-history/)

The above are two possible solutions we can give to users as options for not committing the secret key to their history. They will need to be explored and I am just putting this here as a starting point
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
signatory project
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@alexzbusko