Reading an EncFS volume password from a file
The almighty EncFS, which is now my preferred option for encrypted file systems, can read the volume password from a variety of inputs. According to the man page:
--extpass=program
    Specify an external program to use for getting the user password. When the external program is spawned, the environment variable "RootDir" will be set to contain the path to the root directory. The program should print the password to standard output.

    EncFS takes everything returned from the program to be the password, except for a trailing newline (\n) which will be removed.

    For example, specifying --extpass=/usr/lib/ssh/ssh-askpass will cause EncFS to use ssh's password prompt program.

    Note: EncFS reads at most 2k of data from the password program, and it removes any trailing newline. Versions before 1.4.x accepted only 64 bytes of text.

-S, --stdinpass
    Read password from standard input, without prompting. This may be useful for scripting encfs mounts.

    Note that you should make sure the filesystem and mount points exist first. Otherwise encfs will prompt for the filesystem creation options, which may interfere with your script.
In my scripts, I first used the following option:
echo myP4ssw0rd | encfs -S /home/jc/encrypted /tmp/decrypted/
But… that’s not a very wise way to do it, as you may end up with those entries in your bash history. A ps command may reveal the password as well.
So instead, let’s hide the password from the actual command line by reading it from a file.
One can do something quite fancy with the --extpass option, but I found an easy way to read the password from a file:
cat /home/jc/.password | encfs -S /home/jc/encrypted /tmp/decrypted/
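Reading from a file keeps the password out of the command line and the shell history, but the file itself then has to be unreadable to other users. The wrapper below is an added example, not part of the original post: it refuses to mount unless the password file is a regular file owned by the caller with no group or other permission bits, and unless both directories already exist (the man page note quoted above). The function names pwfile_is_private and mount_encfs are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# calling user, with no permission bits set for group or others.
pwfile_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # ls -ldn prints: mode, link count, numeric uid, numeric gid, ...
    read -r mode links uid rest <<EOF
$(ls -ldn -- "$f")
EOF
    [ "$uid" = "$(id -u)" ] || return 1
    case $mode in
        -???------*) return 0 ;;   # e.g. -rw------- or -r--------
        *)           return 1 ;;   # group/other bits present
    esac
}

# mount_encfs PWFILE ROOTDIR MOUNTPOINT
# Feeds the password to "encfs -S" on standard input, so it never
# appears in argv (ps) or in the shell history.
mount_encfs() {
    pwfile=$1 rootdir=$2 mountpoint=$3
    if ! pwfile_is_private "$pwfile"; then
        echo "refusing: $pwfile must be your own regular file, mode 0600 or stricter" >&2
        return 1
    fi
    # encfs -S would otherwise prompt for creation options and
    # consume the password as an answer to that prompt.
    if [ ! -d "$rootdir" ] || [ ! -d "$mountpoint" ]; then
        echo "refusing: $rootdir and $mountpoint must both exist" >&2
        return 1
    fi
    encfs -S "$rootdir" "$mountpoint" < "$pwfile"
}

# Usage with the paths from the post:
#   chmod 600 /home/jc/.password
#   mount_encfs /home/jc/.password /home/jc/encrypted /tmp/decrypted/
```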
first option solved it..
thanks
[…] a simple script to be called by systemd on startup using cat to pass your password over to […]