[ilyt]

Some apps only accept password in commandline.

The better written ones might accept it in env but that will also stay in history.

But if someone have access to your home they can put keylogger in the .profile/.bashrc so it's not really relevant...

[ellieh]

Sure, but something like this also works well:

`the-command --password $(read -s;echo $REPLY)`

[ilyt]

yeah now instead of history you can get the app's password via `ps aux` :D

also you still have the `export REPLY=password` in history.

sure you can source it out of file but, well, that file have same permissions (or looser! if you forgot to change) as your .bash_history file.

`cat password|command` is the safest one (or, well, something 12 factor app clowns hate, a config file)