how do I hide curl arguments from command line?

Question

I have a cronjob that runs this command:

curl -s -G -H Authorization: Bearer ${mysecret} ${myurl}

I'm a ding dong--I just realized everyone can see my password when they issue a "ps -ef | grep curl". I tried using the -d option, but was unsuccessful. Do you know how I can hide the value for $mysecret?

You could ditch shell and curl and use a language like python or perl that have a http user agent library. — glenn jackman, Nov 21 '18 at 23:47
Put the command in a script and call the script from the cronjob. — Travis Clarke, Nov 22 '18 at 00:06
@TravisClarke that won't work, people will still be able to see the curl password by running the ps command. — hanshenrik, Nov 22 '18 at 00:50
[How to run cron jobs with sensitive data?](https://stackoverflow.com/q/46848054/608639). — jww, Nov 22 '18 at 07:58

score 8 · Accepted Answer · answered Nov 22 '18 at 00:44

8

See curl - Read headers from file. You've got two options.

For new versions (7.55 and newer) of curl:

curl -H @filename ${myurl}

Where filename holds header and the secrets: Authorization: Bearer mysecret
For older versions create a config file:

curl -K filename ${myurl}

Where filename holds the option: -H "Authorization: Bearer mysecret"

answered Nov 22 '18 at 00:44

YuvGM

414
2
6

2

Please note, that the double quotes in the second option are important. When I skip them or use single quotes, authentication fails. – Onnonymous Feb 24 '20 at 15:07

how do I hide curl arguments from command line?

1 Answers1