Prior to 3.0
there was a way to do that:
# ...
set :mysql_password, proc { Capistrano::CLI.password_prompt "Gimme remote database server password. Don't worry, I won't tell anyone: " }
# ...
namespace :db do
desc 'Dump remote database'
task :dump do
run "mysqldump -u #{mysql_user} -p #{mysql_database} > ~/#{mysql_database}.sql" do |channel, stream, data|
if data =~ /^Enter password:/
channel.send_data "#{mysql_password}\n"
end
end
end
end
It prompts for password, doesn't show it as you type and leaves no traces of it in the logs and the output.
Now, as of 3.0
the only way I have found:
# ...
namespace :db do
desc 'Dump remote database'
task :dump do
ask :mysql_password, nil
on roles(:db) do
execute "mysqldump -u#{fetch :mysql_user} -p#{fetch :mysql_password} #{fetch :mysql_database} > ~/#{fetch :mysql_database}.sql"
end
end
end
It does the job but reveals password everywhere.
Have anyone found a secure way for password prompting in 3.0
? Thanks!
Currently, no, might be on the next minor version (3.2):
It would be helpful if
ask()
had an option to not echo input, similar to the previousCapistrano::CLI.password_prompt
...
Either way, it'll be a 3.2 thing.
# Capistrano >= 3.3.3 supports `echo: false`
ask :password, 'default', echo: false
server 'server.domain.com', user: 'ssh_user_name', port: 22, password: fetch(:password), roles: %w{web app db}
— [email protected]
— @mattbrictson, capistrano/capistrano
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With