Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

For this example, don't just command line arguments. There's an API key there, you don't want an API key visible in your cmdline.


Then how would you SET the API key in the first place? :) The argument doesn't make any sense at all.


In some .profile or .envrc or what you'd call such a file, I suppose.


And you expect someone will be able to read your bash_history, but not your .profile?


Fair, I wasn't thinking about the details of how someone would lift out the bash history.


Using read or an equivalent, presumably. Just because you don't know why a practice is recommended against doesn't mean that there isn't a good alternative.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: