0

I am trying to do something similar to Avoiding plain-text password in http_proxy but inside the .wgetrc/.curlrc configuration files. For whatever reason, I have spotty luck by passing proxy settings through the command line (i.e. the configuration files are completely reliable).

The problem is that I don't want my proxy password in plaintext anywhere on the system (e.g. in my bash_history or hardcoded into the rc files). Is there any workaround to leverage bash functionality within these rc files? Ideally, I wouldn't have spotty luck with the CLI proxy settings but I haven't been able to pinpoint why this is the case.

Sterling Butters
  • 107
  • 5
  • by the way, feel encouraged to ask a new question about your problems with specifying proxy by means of command line options – this seems to be the real issue here. – Marcus Müller Jul 26 '23 at 16:36
  • @MarcusMüller Sort of. There are some cases in my configuration where I don't think this alleviates the issues e.g. snapd reading from /etc/environment and not having (as far as I'm aware) a way to pass proxy settings via CLI. – Sterling Butters Jul 27 '23 at 14:21
  • Please ask a new question about that! None of that is magic :) – Marcus Müller Jul 27 '23 at 21:02
  • @MarcusMüller Here you are: https://unix.stackexchange.com/questions/752654/automating-proxy-configuration-across-multiple-applications-without-plaintext-pa – Sterling Butters Jul 28 '23 at 14:21

1 Answers1

1

Is there any workaround to leverage bash functionality within these rc files?

No. These are files read by a program, following their own syntax rules. They are not scripts to be executed like shell scripts.

You can use bash (or rather, any other, potentially much more sensible programming language) for the task of getting the secrets from some secret storage, and generating an appropriate settings file on the fly, and outputting it on stdout; then pass that as temporary file to curl and get, e.g.

# pass the config file through stdin
yourprogramhere | curl --config - https://tutorials.gnuradio.org
# OR
# pass the config file as temporary file, not in bash, but in modern shells
#!/usr/bin/zsh
curl --config =(yourprogramhere) https://tutorials.gnuradio.org
# OR
# pass the config file as pipe handle; works in bash, but might not work with programs that try to seek in their rc/config files
curl --config <(yourprogramhere) https://tutorials.gnuradio.org
Marcus Müller
  • 21,602
  • 2
  • 39
  • 54
  • This would definitely work for curl which has that ability to pass a config file via the CLI. How could you also achieve this with snap, yum/apt also (I realize it's my fault for not including these applications in the original question). If you provide a solution for these applications, I will gladly accept your answer – Sterling Butters Jul 27 '23 at 14:33
  • Snap is a new requirement that you didn't mention in your question. Honestly, if there's now many programs, it makes way more sense to solve the original problem instead of solving 20 different configuration problems. – Marcus Müller Jul 27 '23 at 21:03