refactor(client/keys): hide inputting when keys add -i ask for bip39 passphrase

client/input/input.go

@@ -77,6 +77,21 @@ func GetString(prompt string, buf *bufio.Reader) (string, error) {
 	return strings.TrimSpace(out), nil
 }
 
+// GetSecretString returns the secret string output of a given reader.
+func GetSecretString(prompt string, buf *bufio.Reader) (secret string, err error) {
+	if inputIsTty() {
+		secret, err = speakeasy.FAsk(os.Stderr, prompt)
+	} else {
+		secret, err = readLineFromBuf(buf)
+	}
+
+	if err != nil {
+		return "", err
+	}
+
+	return secret, nil
+}
+
 // inputIsTty returns true iff we have an interactive prompt,
 // where we can disable echo and request to repeat the password.
 // If false, we can optimize for piped input from another command

client/keys/add.go

@@ -313,16 +313,21 @@ func runAddCmd(ctx client.Context, cmd *cobra.Command, args []string, inBuf *buf
 
 	// override bip39 passphrase
 	if interactive {
-		bip39Passphrase, err = input.GetString(
+		bip39Passphrase, err = input.GetSecretString(
 			"Enter your bip39 passphrase. This is combined with the mnemonic to derive the seed. "+
-				"Most users should just hit enter to use the default, \"\"", inBuf)
+				"Most users should just hit enter to use the default, \"\"\n", inBuf)
 		if err != nil {
 			return err
 		}
 
 		// if they use one, make them re-enter it
 		if len(bip39Passphrase) != 0 {
-			p2, err := input.GetString("Repeat the passphrase:", inBuf)
+			if len(bip39Passphrase) < input.MinPassLength {
+				// Return the given password to the upstream client so it can handle a
+				// non-STDIN failure gracefully.
+				return fmt.Errorf("password must be at least %d characters", input.MinPassLength)
+			}
+			p2, err := input.GetPassword("Repeat the passphrase:\n", inBuf)
 			if err != nil {
 				return err
 			}