If I use a password as a command-line parameter it’s public on the system

Question

Editorial Team

Asked: May 23, 20262026-05-23T15:21:55+00:00 2026-05-23T15:21:55+00:00

If I use a password as a command-line parameter it’s public on the system using ps.

But if I’m in a bash shell script and I do something like:

...
{ somecommand -p mypassword }
...

is this still going to show up in the process list? Or is this safe?

You must login to add an answer.

Need An Account,

Editorial Team · Answer 1 · 2026-05-23T15:21:55+00:00

Command lines will always be visible (if only through /proc).

So the only real solution is: don’t. You might supply it on stdin, or a dedicated fd:

./my_secured_process some parameters 3<<< "b@dP2ssword"

with a script like (simplicity first)

#!/bin/bash
cat 0<&3

(this sample would just dump a bad password to stdout)

Now all you need to be concerned with is:

MITM (spoofed scripts that eaves drop the password, e.g. by subverting PATH)
bash history retaining your password in the commandline (look at HISTIGNORE for bash, e.g.)
the security of the script that contains the password redirection
_{security of the tty’s used; keyloggers; … as you can see, we have now descended into ‘general security principles’}

The Archive Base Latest Questions