How to handle secrets on the command line

The command line really wasn't designed for secrets. Keeping secrets secret on the command line requires some extra care and effort. We'll look at three methods for handling secrets on the command line: Using piped data, credential files, and environment variables. Give each secret a file! Any program that accepts secrets should be able to accept them by passing a filename or by redirecting a file into STDIN. You can also use files to pass secrets into Docker containers with mounted volumes. Secrets managers can be great because they can make it easier to get secrets closer to where they are used. A Docker container can call out to a secrets manager for its secrets. Often you need to run a secrets manager server and hit an API. And even with a secrets manager, you may still need Bash to shuttle the secret into your target application.