Reading a EncFS volume password from a file

The almighty EncFS which is now my preferred option for encrypted file systems has a possibility to read the volume password from a vriety of inputs. According to the man page :

       --extpass=program
           Specify an external program to use for getting the user password.
           When the external program is spawned, the environment variable
           "RootDir" will be set to contain the path to the root directory.
           The program should print the password to standard output.

           EncFS takes everything returned from the program to be the pass‐
           word, except for a trailing newline (\n) which will be removed.

           For example, specifying --extpass=/usr/lib/ssh/ssh-askpass will
           cause EncFS to use ssh's password prompt program.

           Note: EncFS reads at most 2k of data from the password program, and
           it removes any trailing newline.  Versions before 1.4.x accepted
           only 64 bytes of text.

       -S, --stdinpass
           Read password from standard input, without prompting.  This may be
           useful for scripting encfs mounts.

           Note that you should make sure the filesystem and mount points
           exist first.  Otherwise encfs will prompt for the filesystem cre‐
           ation options, which may interfere with your script.

In my scripts, I first used the following option :

echo myP4ssw0rd | enfcs -S /home/jc/encrypted /tmp/decrypted/

But… that’s not a very wise way to do it as you may end up having those entries in your bash history. A ps command may as well reveal the password.

So instead, let’s hide the password from the actual command line by reading if from a file

One can something quite fancy with the --extpass option, but I found an easy way to read the password from a file :

cat /home/jc/.password | enfcs -S /home/jc/encrypted /tmp/decrypted/