On 05/11/2021 13:44, Patrick Monnerat via curl-library wrote:
On 11/5/21 10:43, Stephen Booth via curl-library wrote:
If I use basic-auth the curl binary hides the credentials passed on
the command line from being seen using ps -1
Whats the best way of protecting bearer tokens in the same way?
AFAIK the only way of setting a bearer token is to use the generic -H
flag
You should use the --oauth2-bearer option. Unfortunately it does not
(yet) obfuscate its argument. A PR for it is pending:
https://github.com/curl/curl/pull/7964
Patrick
Thank you Patrick. I think that would be a big improvement
especially for interactive use where people don't have time to setup
config files etc.
I missed the --oauth-bearer option because I checked the flags on an old
box with an old curl version :-)
Stephen
======================================================================
|epcc| Dr Stephen P Booth Principal Architect |epcc|
|epcc| [email protected] Phone 0131 650 5746 |epcc|
======================================================================
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
