Re: Entering a passphrase interactively in a runit script

2016-05-25 Thread Max Ivanov
> Interactive supervised services are generally not a good idea. If they
> die, they cannot be respawned without user action, which goes against the
> principle of supervision. If you need authentication, please consider
> something similar to ssh-agent, which asks for interactive input once and
> provides noninteractive authentication afterwards.


Just a thought: that is where a secret/state storage service can be
helpful. Something similar to s6-fdholder, but for arbitrary data instead
of file descriptors.


Re: Entering a passphrase interactively in a runit script

2016-05-25 Thread Max Ivanov
I am not deeply familiar with runit, but essentially what you need
is to use some terminal or /dev/console as your script's stdin and
stdout.

stdin is file descriptor 0
stdout is file descriptor 1

On 25 May 2016 at 11:50, Christophe-Marie Duquesne wrote:
> Hi,
>
> I am trying to write a runit script that would require a passphrase
> when starting. This passphrase must not exist in clear on the
> filesystem, and it would require user interaction.
>
> I tried to have runit read the passphrase into the environment of the script:
>
> read -s PASSPHRASE
> exec prog # reads PASSPHRASE from the environment
>
> but starting this with runit triggers no interaction, and the
> PASSPHRASE variable ends up being empty.
>
> Any idea how to proceed?
>
> Cheers,
> Christophe-Marie
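
Added example, not part of the thread or of runit: one way to apply the suggestion above, a `run` script that takes the passphrase from /dev/console rather than from the stdin the supervisor hands it. `read_passphrase` and `start_service` are hypothetical names, `prog` is the original poster's placeholder, and the script assumes it runs as root with an operator at the console; every respawn blocks until the passphrase is typed again.

```shell
#!/bin/sh
# Hypothetical runit ./run script (added example, names are assumptions).

# read_passphrase [TTY]: read one line from TTY (default /dev/console)
# with echo disabled and print it on stdout. The prompt goes to TTY, so
# stdout carries only the secret and can be captured with $(...).
read_passphrase() {
    tty_dev=${1:-/dev/console}
    [ -r "$tty_dev" ] || return 1
    rc=0
    {
        if [ -t 0 ]; then
            saved=$(stty -g)            # remember current terminal modes
            printf 'Passphrase: ' >"$tty_dev"
            stty -echo                  # do not echo typed characters
        fi
        # Accept a final line without a trailing newline; fail on empty input.
        IFS= read -r pass || [ -n "$pass" ] || rc=1
        if [ -t 0 ]; then
            stty "$saved"               # restore echo
            printf '\n' >"$tty_dev"
        fi
    } <"$tty_dev"
    [ "$rc" -eq 0 ] || return 1
    printf '%s\n' "$pass"
}

start_service() {
    # Exit non-zero if nothing could be read, so the failure is visible
    # to the supervisor instead of starting prog with an empty secret.
    PASSPHRASE=$(read_passphrase /dev/console) || exit 1
    # A shell variable reaches the child only if exported. It is then
    # readable through the process environment by root and the same user.
    export PASSPHRASE
    exec prog
}

# Start only when this file is installed as a service's ./run script.
case $0 in
    run|*/run) start_service ;;
esac
```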