feat(helm): hiding password input on terminal

When using "helm repo add" with "--username" and without "--password", hide user's input with a password prompt. This allows users to not expose their passwords to the command line history.
6 years ago · 518a9d63e6
parent 4589ae2c45
commit 518a9d63e6
2 changed files with 21 additions and 0 deletions
--- a/cmd/helm/repo_add.go
+++ b/cmd/helm/repo_add.go
@ -22,9 +22,11 @@ import (

 	"github.com/spf13/cobra"

+	"golang.org/x/crypto/ssh/terminal"
 	"k8s.io/helm/pkg/getter"
 	"k8s.io/helm/pkg/helm/helmpath"
 	"k8s.io/helm/pkg/repo"
+	"syscall"
 )

 type repoAddCmd struct {
@ -73,6 +75,16 @@ func newRepoAddCmd(out io.Writer) *cobra.Command {
 }

 func (a *repoAddCmd) run() error {
+	if a.username != "" && a.password == "" {
+		fmt.Fprint(a.out, "Password:")
+		password, err := readPassword()
+		fmt.Fprintln(a.out)
+		if err != nil {
+			return err
+		}
+		a.password = password
+	}
+
 	if err := addRepository(a.name, a.url, a.username, a.password, a.home, a.certFile, a.keyFile, a.caFile, a.noupdate); err != nil {
 		return err
 	}
@ -80,6 +92,14 @@ func (a *repoAddCmd) run() error {
 	return nil
 }

+func readPassword() (string, error) {
+	password, err := terminal.ReadPassword(int(syscall.Stdin))
+	if err != nil {
+		return "", err
+	}
+	return string(password), nil
+}
+
 func addRepository(name, url, username, password string, home helmpath.Home, certFile, keyFile, caFile string, noUpdate bool) error {
 	f, err := repo.LoadRepositoriesFile(home.RepositoryFile())
 	if err != nil {
--- a/glide.yaml
+++ b/glide.yaml
@ -33,6 +33,7 @@ import:
 - package: golang.org/x/crypto
  subpackages:
  - openpgp
+  - ssh/terminal
 # pin version of golang.org/x/sys that is compatible with golang.org/x/crypto
 - package: golang.org/x/sys
  version: 43eea11