Add silent mode in read builtin

[siteshwar]

In silent mode, typed characters are not shown in terminal, Bash supports silent mode with '-s' flag, so read -s will not echo characters on terminal. We should have similar flag in fish's read builtin.

[dag]

On the one hand I want to say that fish scripting is mainly meant for scripting fish, I think, and what use does this have for that? On the other hand, I'm a sucker for security and think shoulder surfing is scary!

Maybe we could have it print asterisks or bullets for each typed character, mimicking GUI password inputs? Some feedback that the keys actuated and that the input got sent to the right window/terminal.

[terlar]

Another thing that this got me thinking about would be auto-accepting, like it takes one char and then accepts it.

Do you want to continue [Y/n], y, and that would send the command directly. Sorry for bringing that up in this issue though.

[jhillyerd]

@dag I'd like to be able to prompt for a password as part of setting up my proxy server environment variables.

[jhillyerd]

This is my workaround, not sure how portable it is:

echo -n 'Proxy Password: '
stty -echo
head -n 1 - | read -l pass
stty echo
echo

[leeola]

@dag

On the one hand I want to say that fish scripting is mainly meant for scripting fish, I think, and what use does this have for that?

I'm not sure what you mean by that. How is a silent read option, not fish scripting?

Regarding what use it has, the i think it would have the same uses as read -s in bash. Sensitive information (passwords), etc.

As a sidenote, a silent option would be great, as the alternative seems to be this verbose option:

stty -echo
if not read foo
  stty echo
  exit $status
stty echo

[ByScripts]

Any news on that issue? Would be great.

Thanks for the workaround though.

Edit: Just tried the workaround. Didn't work. After stty -echo I can still see the characters.

[leeola]

@ridiculousfish Any comment on this? A proper silent option is really useful (needed even?)

[ridiculousfish]

Seems reasonable to me.

[zanchey]

read -s is currently used to enable "shell" mode in the trunk source (not released) so either that needs to be moved or another option needs to be specified.

[tfga]

@jhillyerd's code as a function:

function readPasswd # prompt targetVar

    echo -n $argv[1]
    stty -echo
    head -n 1 | read -g $argv[2]
    stty echo
    echo

end

[Asuza]

I was writing a script this morning and was rather disappointed to discover I couldn't input via a "password" mode. Hoping this get implemented soon.

[ridiculousfish]

This seems like a nice to have feature

[cben]

Turns out read uses readline and stores history (#1504).
Does stty -echo interact sanely with readline?
IMNSHO whatever mechanism there will be to read silently should also inhibit history saving [at least by default].
I think this all points to a builtin flag of read being better than "do it yourself" / stdlib function.

[ghost]

I think this all points to a builtin flag of read being better than "do it yourself" / stdlib function.

👍

For a userland implementation see: #2166 (comment)

[krader1961]

Closed with squashed merge commit 8213885.

[Pysis868]

woo!!

GitHub - fish-shell/fish-shell - fish 2.6.0 (released June 3, 2017):

• ...
• read supports a new --silent option to hide the characters typed (Add silent mode in read builtin #838), for when reading sensitive data from the terminal. read also now accepts simple strings for the prompt (rather than scripts) with the new -P and --prompt-str options (Let read builtin take a custom prompt string #802).
• ...

[mwmcode]

Can we update the docs please?
https://fishshell.com/docs/2.6/commands.html#read

• doesn't show the --silent mode
• https://github.com/fish-shell/fish-shell/blob/master/doc_src/read.txt says -s for --silent which is not the case

[faho]

@mustafawm: We have, you're looking at an outdated version. See https://fishshell.com/docs/current/commands.html#read.

[mwmcode]

Oh! thanks @faho, I was running an older version (2.6) ...just installed the latest (3) via homebrew.

[dideler]

FWIW, made a very simple package to hide the input (instead of obscuring it): fish-read-silent

And an example use case as a dependency in another package: fish-index