Suppress passphrase echo in terminal prompts.

Use golang.org/x/term.ReadPassword so passphrases are not displayed while typing, matching ssh behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 21:49:56 -07:00
parent 4ec71eae00
commit 3e0aabef4a
3 changed files with 13 additions and 8 deletions
--- a/cmd/sgard/add.go
+++ b/cmd/sgard/add.go
@@ -1,13 +1,12 @@
 package main

 import (
-	"bufio"
 	"fmt"
 	"os"
-	"strings"

 	"github.com/kisom/sgard/garden"
 	"github.com/spf13/cobra"
+	"golang.org/x/term"
 )

 var (
@@ -60,12 +59,17 @@ var addCmd = &cobra.Command{

 func promptPassphrase() (string, error) {
 	fmt.Fprint(os.Stderr, "Passphrase: ")
-	scanner := bufio.NewScanner(os.Stdin)
-	if scanner.Scan() {
-		return strings.TrimSpace(scanner.Text()), nil
+	fd := int(os.Stdin.Fd())
+	passphrase, err := term.ReadPassword(fd)
+	fmt.Fprintln(os.Stderr)
+	if err != nil {
+		return "", fmt.Errorf("reading passphrase: %w", err)
 	}
+	if len(passphrase) == 0 {
 		return "", fmt.Errorf("no passphrase provided")
 	}
+	return string(passphrase), nil
+}

 func init() {
 	addCmd.Flags().BoolVar(&encryptFlag, "encrypt", false, "encrypt file contents before storing")
--- a/flake.nix
+++ b/flake.nix
@@ -19,7 +19,7 @@
            src = pkgs.lib.cleanSource ./.;
            subPackages = [ "cmd/sgard" "cmd/sgardd" ];

-            vendorHash = "sha256-LSz15iFsP4N3Cif1PFHEKg3udeqH/9WQQbZ50sxtWTk=";
+            vendorHash = "sha256-Z/Ja4j7YesNYefQQcWWRG2v8WuIL+UNqPGwYD5AipZY=";

            ldflags = [ "-s" "-w" ];

@@ -35,7 +35,7 @@
            src = pkgs.lib.cleanSource ./.;
            subPackages = [ "cmd/sgard" "cmd/sgardd" ];

-            vendorHash = "sha256-LSz15iFsP4N3Cif1PFHEKg3udeqH/9WQQbZ50sxtWTk=";
+            vendorHash = "sha256-Z/Ja4j7YesNYefQQcWWRG2v8WuIL+UNqPGwYD5AipZY=";

            buildInputs = [ pkgs.libfido2 ];
            nativeBuildInputs = [ pkgs.pkg-config ];
--- a/go.mod
+++ b/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/keys-pub/go-libfido2 v1.5.3
 	github.com/spf13/cobra v1.10.2
 	golang.org/x/crypto v0.49.0
+	golang.org/x/term v0.41.0
 	google.golang.org/grpc v1.79.3
 	google.golang.org/protobuf v1.36.11
 	gopkg.in/yaml.v3 v3.0.1