Kyle Isom
818c0c2e14
Returns []byte so callers can zeroize the buffer after use. Refactors internals to share readRaw between both variants. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
37 lines
912 B
Go
37 lines
912 B
Go
// Package terminal provides secure terminal input helpers for CLI tools.
|
|
package terminal
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
|
|
"golang.org/x/term"
|
|
)
|
|
|
|
// ReadPassword prints the given prompt to stderr and reads a password
|
|
// from the terminal with echo disabled. It prints a newline after the
|
|
// input is complete so the cursor advances normally.
|
|
func ReadPassword(prompt string) (string, error) {
|
|
b, err := readRaw(prompt)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return string(b), nil
|
|
}
|
|
|
|
// ReadPasswordBytes is like ReadPassword but returns a []byte so the
|
|
// caller can zeroize the buffer after use.
|
|
func ReadPasswordBytes(prompt string) ([]byte, error) {
|
|
return readRaw(prompt)
|
|
}
|
|
|
|
func readRaw(prompt string) ([]byte, error) {
|
|
fmt.Fprint(os.Stderr, prompt)
|
|
b, err := term.ReadPassword(int(os.Stdin.Fd())) //nolint:gosec // fd fits in int
|
|
fmt.Fprintln(os.Stderr)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return b, nil
|
|
}
|