0

I am using cURL command in a shell script. If I use curl with -u login:password option, we can have access to these login and password as they are visible to anyone.

Is there way to make password not clear in script file (or encrypt and decrypt it)?

Willi Mentzel
  • 27,862
  • 20
  • 113
  • 121
Techno Freak
  • 69
  • 1
  • 5
  • 13
  • 1
    Check [this answer](http://stackoverflow.com/a/27894407/978414). This has nothing to do with encryption though. – ivann May 12 '16 at 11:10
  • Thanxx @igwan but my curl is included in a script and is accessing a url on artifactory – Techno Freak May 12 '16 at 11:31
  • 1
    best practice would be to pass the credentials to your script like: sh script.sh USERNAME PASSWORD. – Willi Mentzel May 12 '16 at 11:42
  • Possible duplicate of [Using cURL with a username and password?](http://stackoverflow.com/questions/2594880/using-curl-with-a-username-and-password) – jwodder May 12 '16 at 12:38
  • @jwodder: the way the question is asked, i don't consider it a duplicate. it is not about how to pass credentials, it is about how to do it safely. – Willi Mentzel May 12 '16 at 12:41
  • @TechnoFreak Did this solve your problem? – Willi Mentzel Jun 07 '16 at 11:30
  • if you have the script user's public key, you can encrypt it with his public key, and make your script decrypt it on your user with his private key – hanshenrik Jul 21 '20 at 17:17

1 Answers1

1

An example based on Base64:

curl -X GET -k -H 'Authorization: Basic dGVzdDpwYXNzd29yZA==' -i 'https://yoursite.com'

Base64 decoded: test:password

Base64 encoded: dGVzdDpwYXNzd29yZA==

Mihail Duchev
  • 4,691
  • 10
  • 25
  • 32
Olli
  • 19
  • 1