passing password to curl on command line

Question

I have a requirement where I am trying to write a shell script which is calling curl command internally. I have the password, username and url stored as variables in the script. However, since I want to avoid using user:password format of curl command in the script, I am just using curl --user command. My intention is to pass the password through stdin. So, I am trying something like this -

#!/bin/bash
user="abcuser"
pass="trialrun"
url="https://xyz.abc.com"
curl --user $user $url 2>&1 <<EOF
$pass
EOF

But this is not working. I know there are variations to this question being asked, but I didn't quite get the exact answer, hence posting this question.

Answer 1

There is no need for complicated redirection or use of third-party tools for passing a password to curl without exposing it on the command-line nor the history.

Simply use -u with only the username. curl will automatically prompt for the missing password in stdin, thus safely hiding typed keys and preventing it from appearing in the shell history:

curl https://myprotectedservice.com -u myname
Enter host password for user 'myname':

Answer 2

To expand on @nbari's answer, if you have a tool "get-password" that can produce a password on stdout, you can safely use this invocation:

user="abcuser"
url="https://xyz.abc.com"
get-password $user | sed -e "s/^/-u $user:/" | curl -K- $url

The password will be written to a pipe. We use sed to massage the password into the expected format. The password will therefore never be visible in ps or in the history.

Answer 3

You can use:

curl -u abcuser:trialrun https://xyz.abc.comp

In your script:

curl -u ${user}:${pass} ${url}

To read from stdin:

curl  https://xyz.abc.com -K- <<< "-u user:password"

When using -K, --config specify - to make curl read the file from stdin

That should work for HTTP Basic Auth, from the curl man:

-u, --user <user:password>

 Specify the user name and password to use for server authentication.