Add force-plaintext-read
#3
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds a macro
force-plaintext-read, which forces the password to be read viaread-line.The motivation for this is remote repls. If I'm connected to a remote repl and try to decrypt my secrets, it will attempt to read the password from console or swing on the host, which might not be available or convenient.
I'm not 100% sure that it's a good idea to encourage decrypting remotely in the first place, it would require one to be aware of the security implications of however the password is sent to the server.
There are probably some alternative options to somehow use
with-passwordinstead.For what it's worth, I use inf-clojure in emacs mode which wraps comint mode, which has a feature to automatically prompt a user for password without echoing when sees printed any output that looks like a password prompt, which works out of the box with the Secrets read-line password reader. I'm not sure if this is a common thing in other tooling. But if I didn't happen to have no-echo for my password input in these situations, I probably wouldn't have thought to add this as a feature, which might be a hint it's a bad idea in the library.