Im trying to install Drupal using the drush command:
drush -y -v site-install standard --db-url=mysql://${db_user}:${db_pass}@${db_host}:${db_port}/${db_name} --account-name=${DRUPAL_ADM_USER} --account-pass=${DRUPAL_ADM_PASS} --locale=${LANG} --site-name=\"${DRUPAL_SITE_NAME}\";
It is using a MySQL database and I have to pass its user and password on the db-url option, but I dont want that this sensitive information appear in my console history.
I would like some help hiding this information. Thanks in advance.
Here 2 commands that may be useful to prevent sensitive data from being logged in your command line history :
Use the read command to prompt for the password prior to run drush site-install.
# Read standard input and store it into db_pass
# -s prevents echoing the input.
# -p <string> outputs the string without a trailing newline before.
read -s -p "Password : " db_pass
You can also source variables from an external file using the source or dot operator (source or ., but that means information are stored in plain text (or encrypted at best), so setting the appropriate permissions for such file should be considered first. Usage :
# Create ~/install.conf and make it initialize db_user
echo 'db_user=foobar' > ~/install.conf
# Execute ~/install.conf commands in the current shell context.
. ~/install.conf
# Test : outputs 'foobar'
echo ${db_user}
A typical installation script uses both methods, in your case if all variables except db_pass were to be stored/initialized in ~/install.conf, you would do something like this :
#!/bin/bash
. ~/install.conf
read -p 'Press [ Enter ] to begin installation'
while [ -z "$db_pass" ] || [ "$db_pass" != "$check" ]; do
read -s -p "Password: " db_pass && echo
read -s -p "Confirm Password : " check && echo
done
drush -y -v site-install standard --db-url=mysql:\\//${db_user}:${db_pass}@${db_host}:${db_port}/${db_name} --account-name=${DRUPAL_ADM_USER} --account-pass=${DRUPAL_ADM_PASS} --locale=${LANG} --site-name=\"${DRUPAL_SITE_NAME}\";