Safe way to pass password for >1 programs in bash

http://unix.stackexchange.com – I'm writing a bash script, and need to ask the user for his password and pass it to openssl. Whilst openssl can read the password itself, I need it for two runs of the program and don't want to ask the user twice. Here is the script:

    cp file{,.old}
    read -sp 'Enter password. ' PASS; echo
    export PASS

    # decode | edit | encode
    openssl enc -d -aes-256-cbc -k "$PASS" -in file.old | \
      sed ... | openssl enc -e -aes-256-cbc -k "$PASS" -out file

    unset PASS

This is not safe as the password is easily available by looking at the command line; somebody can read it using ps, for example. openssl can read a
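One way to run the decode | edit | encode pipeline from the script above without putting the password in any argument list, as an added example that is not part of the original post. It assumes openssl's `-pass fd:N` password source; the helper names `encrypt_to`, `decrypt_from` and `reencrypt_edited` are hypothetical.

```shell
#!/bin/sh
# Added example: each openssl process receives the password on file
# descriptor 3 via a here-document, so it never appears in argv (what ps
# shows) and the variable holding it does not need to be exported.

# Hypothetical helper: encrypt stdin into file $2 using password $1.
encrypt_to() {
    openssl enc -e -aes-256-cbc -pass fd:3 -out "$2" 3<<EOF
$1
EOF
}

# Hypothetical helper: decrypt file $2 to stdout using password $1.
decrypt_from() {
    openssl enc -d -aes-256-cbc -pass fd:3 -in "$2" 3<<EOF
$1
EOF
}

# decode | edit | encode with a password that was asked for only once.
# $1 password, $2 encrypted input, $3 encrypted output, $4 sed expression
reencrypt_edited() {
    # POSIX sh has no pipefail, so a failed decrypt inside the pipeline
    # would go unnoticed. Trial-decrypt first: a wrong password usually
    # fails the padding check, and the output file is then left untouched.
    decrypt_from "$1" "$2" >/dev/null 2>&1 || return 1
    decrypt_from "$1" "$2" | sed "$4" | encrypt_to "$1" "$3"
}

# Interactive use in bash, mirroring the original script (PASS stays a
# plain shell variable, no export):
#   cp file{,.old}
#   read -sp 'Enter password. ' PASS; echo
#   reencrypt_edited "$PASS" file.old file 's/old/new/'
#   unset PASS
```

The helpers are shell functions, so calling them with the password as `$1` forks a subshell without an exec and creates no new command line for ps to display.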