555 reads
555 reads

Hide the Exported ENV Variables From the History

by Edvinas PrankaFebruary 4th, 2020
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

When working with the Linux server, sometimes you export some environment variables. The problem is if anyone accesses the server bash and enters the history command it will see the secrets. This method is not only for environment variables, but it can also hide any bash command, even if you leave the space before any Bash command, it will be ignored in history. The method is also used to hide any Bash commands, even though it can be used to work with Linux history control. For example, the Mysql password will now be ignored.

Company Mentioned

Mention Thumbnail
featured image - Hide the Exported ENV Variables From the History
Edvinas Pranka HackerNoon profile picture

Hi, happy to join your community. This is my first post, so I start from the simple one, but useful. Maybe you don't know about it yet.

When you work with the Linux server, sometimes you export some environment variables. Some envs can be neutral like 

NODE_ENV=production
or something else, but sometimes it must be safe like 
GITHUB_API_KEY
 or 
MYSQL_PASSWORD
.

The problem is if anyone accesses the server bash and enters the history command it will see the secrets:

...
1989  export MYSQL_PASSWORD=my_secret_mysql_password
...
2000  history

To be safe, before working with the bash, export Linux history control environment variable which is called 

HISTCONTROL
.

$ export HISTCONTROL=ignorespace

ignorespace means that if you leave the space before any bash command, it will be ignored in history.

So while exporting the secret environment variable, enter the space before export

$ export HISTCONTROL=ignorespace
# keep in mind space before export
$  export MYSQL_PASSWORD=my_secret_mysql_password
$ history

So now, the Mysql password will be ignored in history

...
1999  export HISTCONTROL=ignorespace
2000  history

This method is not only for environment variables, but it can also hide any bash command, even 

export HISTCONTROL=ignorespace
 itself.

Follow on TwitterGitHub, and let’s connect on LinkedIn

Good luck and be safe! :)

Previously published at https://dev.to/epranka/hide-the-exported-env-variables-from-the-history-49ni

Databricks <> AWS Marketplace
L O A D I N G
. . . comments & more!

About Author

Edvinas Pranka HackerNoon profile picture
Edvinas Pranka@epranka
Software engineer
Read my storiesAbout @epranka

TOPICS

purcat-imgprogramming#linux#bash#tips#ubuntu#programming#coding#staging-environments#local-dev-environment

THIS ARTICLE WAS FEATURED IN...

Arweave
Read on Terminal Reader Terminal
Read this story w/o Javascript Lite
Coffee-web
Csdn
Hashnode
Learnrepo
Hashnode

RELATED STORIES

Article Thumbnail
Build Your Own Currency Exchange Web App in ~100 lines using CRA [A Step By Step Guide]
by epranka
Feb 29, 2020
#react
Article Thumbnail
20,000 Leagues Under Your Shell
by tylerjl
Jun 13, 2022
#linux
Article Thumbnail
47 Stories To Learn About Bash
by learn
Apr 10, 2023
#bash
Article Thumbnail
A Basic Guide to MySQL Tests Automation
by yuridanilov
Apr 25, 2023
#mysql
Article Thumbnail
A Web Service Written in Pure Bash.
by hhsnopek
Dec 28, 2016
#bash
Join HackerNoonloading
Latest technology trends. Customized Experience. Curated Stories. Publish Your Ideas

Categories

Trending Topics

blockchaincryptocurrencyhackernoon-top-storyprogrammingsoftware-developmenttechnologystartuphackernoon-booksBitcoinbooks