问题
Prior to 3.0 there was a way to do that:
# ...
set :mysql_password, proc { Capistrano::CLI.password_prompt "Gimme remote database server password. Don't worry, I won't tell anyone: " }
# ...
namespace :db do
desc 'Dump remote database'
task :dump do
run "mysqldump -u #{mysql_user} -p #{mysql_database} > ~/#{mysql_database}.sql" do |channel, stream, data|
if data =~ /^Enter password:/
channel.send_data "#{mysql_password}\n"
end
end
end
end
It prompts for password, doesn't show it as you type and leaves no traces of it in the logs and the output.
Now, as of 3.0 the only way I have found:
# ...
namespace :db do
desc 'Dump remote database'
task :dump do
ask :mysql_password, nil
on roles(:db) do
execute "mysqldump -u#{fetch :mysql_user} -p#{fetch :mysql_password} #{fetch :mysql_database} > ~/#{fetch :mysql_database}.sql"
end
end
end
It does the job but reveals password everywhere.
Have anyone found a secure way for password prompting in 3.0? Thanks!
回答1:
Currently, no, might be on the next minor version (3.2):
It would be helpful if
ask()had an option to not echo input, similar to the previousCapistrano::CLI.password_prompt
...
Either way, it'll be a 3.2 thing.
回答2:
# Capistrano >= 3.3.3 supports `echo: false`
ask :password, 'default', echo: false
server 'server.domain.com', user: 'ssh_user_name', port: 22, password: fetch(:password), roles: %w{web app db}
— faq@capistranorb.com
— @mattbrictson, capistrano/capistrano
来源:https://stackoverflow.com/questions/20789912/capistrano-3-0-how-securely-prompt-for-password-now