Re: Entering a passphrase interactively in a runit script
> Interactive supervised services are generally not a good idea. If they > die, they cannot be respawned without user action, which goes against the > principle of supervision. If you need authentication, please consider > something similar to ssh-agent, which asks for interactive input once and > provides noninteractive authentication afterwards. Just a thought, that is where secret/state storage service can be helpful. Something similar s6-fdholder, but for arbitrary data instead of file descriptors.
Re: Entering a passphrase interactively in a runit script
I am not deeply familiar with runit, but you essentially what you need is to use some terminal or /dev/console as your script stdin and stdout. stdin is file descriptor 0 stdout is file descriptor 1 On 25 May 2016 at 11:50, Christophe-Marie Duquesnewrote: > Hi, > > I am trying to write a runit script that would require a passphrase > when starting. This passphrase must not exist in clear on the > filesystem, and it would require user interaction. > > I tried to have runit read the passphrase into the environment of the script: > > read -s PASSPHRASE > exec prog # reads PASSPHRASE from the environment > > but starting this with runit triggers no interaction, and the > PASSPHRASE variable ends up being empty. > > Any idea how to proceed? > > Cheers, > Christophe-Marie