How do I keep user names and passwords secret in Curl command lines?
This problem has two sides: The first part is to avoid having clear-text passwords in the command line so that they don’t appear in ‘ps’ outputs and similar. That is easily avoided by using the “-K” option to tell curl to read parameters from a file or stdin to which you can pass the secret info. curl itself will also attempt to “hide” the given password by blanking out the option – this doesn’t work on all platforms. To keep the passwords in your account secret from the rest of the world is not a task that curl addresses. You could of course encrypt them somehow to at least hide them from being read by human eyes, but that is not what anyone would call security. Also note that regular HTTP (using Basic authentication) and FTP passwords are sent in clear across the network. All it takes for anyone to fetch them is to listen on the network. Eavesdropping is very easy. Use more secure authentication methods (like Digest, Negotiate or even NTLM) or consider the SSL-based alternatives HTTP
