DJ CLI tools often have arguments that represent secrets or credentials, such as bind passwords or key store PINs. It is tempting to pass the credential to the tool directly on the command line:
However, the clear-text password is then exposed in two places: it is recorded in the shell history, and while the tool runs it is visible in the process argument list to anyone on the host who runs a tool such as "ps -f".
The user may try to avoid this by passing the credential via an environment variable or a file:
However, the shell expands the variable (or command substitution) before the tool starts, so the resolved password still appears in the argument list and can be discovered with a tool like "ps -f". As a workaround, our tools often provide an additional argument for passing the same credential via a file. This leads to a proliferation of command line arguments and still does not make it easy to use environment variables.
It would be better to take the same approach as Java's keytool command, which accepts the literal form "-storepass VALUE" alongside "-storepass:env VARIABLE" and "-storepass:file PATH", so that only the variable name or file path ever appears in the argument list:
This should be relatively easy to support, especially for the long argument form, by updating the ArgumentParser code to detect arguments of the form "xxx:env" or "xxx:file" in com.forgerock.opendj.cli.ArgumentParser#parseArgumentWithLongId(). We may also be able to support this format for single-character arguments, but only for non-boolean arguments whose value is separated from the argument name by a space.
Once this issue is complete it should be possible to deprecate all file-based arguments as well as com.forgerock.opendj.cli.FileBasedArgument itself.
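The following is an added, stand-alone illustration of the parsing logic proposed above; it is not OpenDJ's ArgumentParser and not part of the original issue. It resolves "--name VALUE", "--name:env VARIABLE" and "--name:file PATH" (plus the space-separated short form "-c:env VARIABLE"), restricts the ":env"/":file" suffixes to credential arguments, and adds the checks a practitioner would want on the file path: a warning when the file is readable by other users, and removal of exactly one trailing line terminator. The argument names bindPassword and keyStorePassword, the short alias -w, and the environment map injected into parse() are assumptions made for the example; it needs Java 9 or later for Set.of and Map.of.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/**
 * Example resolver for keytool-style credential arguments (not OpenDJ code):
 *   --bindPassword VALUE         literal value (visible in ps output and shell history)
 *   --bindPassword:env VARIABLE  read the value from an environment variable
 *   --bindPassword:file PATH     read the value from a file
 * Only the space-separated value form is handled; "--name=value" and boolean
 * arguments are out of scope for this illustration.
 */
public final class SecretArgResolver {

    /** Long argument names treated as credentials; assumed for this example. */
    private static final Set<String> SECRET_ARGS = Set.of("bindPassword", "keyStorePassword");

    /** Short aliases (assumed); every one of them takes a space-separated value. */
    private static final Map<String, String> SHORT_TO_LONG = Map.of("w", "bindPassword");

    private SecretArgResolver() {}

    /** Parses args into a longName -> resolved value map. env is injected so the logic is testable. */
    public static Map<String, String> parse(String[] args, Map<String, String> env) throws IOException {
        Map<String, String> values = new HashMap<>();
        for (int i = 0; i < args.length; i++) {
            String arg = args[i];
            String id;
            if (arg.startsWith("--")) {
                id = arg.substring(2);
            } else if (arg.startsWith("-") && arg.length() > 1) {
                id = arg.substring(1);
            } else {
                throw new IllegalArgumentException("Unexpected argument: " + arg);
            }
            // Split "name:source"; no source means the literal value follows.
            String source = "literal";
            int colon = id.indexOf(':');
            if (colon >= 0) {
                source = id.substring(colon + 1);
                id = id.substring(0, colon);
            }
            String longId = SHORT_TO_LONG.getOrDefault(id, id);
            if (!"literal".equals(source) && !SECRET_ARGS.contains(longId)) {
                throw new IllegalArgumentException("':" + source + "' is only valid on credential arguments: " + arg);
            }
            if (i + 1 >= args.length) {
                throw new IllegalArgumentException("Missing value for " + arg);
            }
            values.put(longId, resolve(longId, source, args[++i], env));
        }
        return values;
    }

    static String resolve(String longId, String source, String raw, Map<String, String> env) throws IOException {
        switch (source) {
            case "literal":
                return raw;
            case "env": {
                String value = env.get(raw);
                if (value == null) {
                    throw new IllegalArgumentException("Environment variable " + raw + " for --" + longId + " is not set");
                }
                return value;
            }
            case "file": {
                Path path = Paths.get(raw);
                warnIfReadableByOthers(path);
                String content = new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
                // Editors append a newline: strip exactly one trailing line terminator and nothing
                // more, so a password that legitimately ends in whitespace is preserved.
                if (content.endsWith("\r\n")) {
                    content = content.substring(0, content.length() - 2);
                } else if (content.endsWith("\n")) {
                    content = content.substring(0, content.length() - 1);
                }
                return content;
            }
            default:
                throw new IllegalArgumentException("Unknown value source ':" + source + "' for --" + longId);
        }
    }

    /** A credential file readable by other users defeats the purpose; warn on POSIX, skip elsewhere. */
    private static void warnIfReadableByOthers(Path path) throws IOException {
        try {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(path);
            if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.OTHERS_READ)) {
                System.err.println("warning: " + path + " is readable by other users");
            }
        } catch (UnsupportedOperationException e) {
            // Non-POSIX file system (e.g. Windows): there are no POSIX permission bits to check.
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo: the password comes from a variable, so argv holds only the variable's name.
        String[] demo = {"--hostname", "ldap.example.com", "-w:env", "LDAP_PASSWORD"};
        Map<String, String> env = Map.of("LDAP_PASSWORD", "s3cr3t");
        Map<String, String> parsed = parse(demo, env);
        System.out.println("bindPassword resolved to " + parsed.get("bindPassword").length() + " characters");
    }
}
```

Because the value is looked up inside the tool rather than by the shell, "ps -f" shows only LDAP_PASSWORD or the file path. Note that a process's environment is still readable by the same user (for example via /proc/PID/environ on Linux), so the ":env" form protects against other users and the shell history, not against an attacker already running as that user.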