UNCLASSIFIED - NO CUI

Skip to content

Avoid leaking credentials via ps

Joseph Sible requested to merge credential-leak into master

The warning that using --password via the CLI is insecure is actually because other users can see the password with the ps command, not because it gets saved to history. Fix the problem by piping the token in with a here string instead, which doesn't show up in ps.

The install_flux.sh script has the same security vulnerability, but since it's in a different repo, it will need to be fixed separately.

Merge request reports