[#1675] kea-admin: KEA_ADMIN_DB_PASSWORD env var

2025-08-22 18:08:16 +00:00 · 2021-04-14 15:44:38 +03:00 · 2021-04-14 15:44:38 +03:00 · 6db37ae63e
commit 6db37ae63e
parent fc099c9b1a
3 changed files with 17 additions and 10 deletions
--- a/14
+++ b/14
@ -1,15 +1,11 @@
 1885.	[func]		andrei
 	kea-admin is now able to interactively ask for a password if no
 	parameter follows the -p or the --password parameters. This
-	requires the user to give it as the last parameter. If another
-	option starting with dash follows, that would be taken as the
-	actual password, would not be processed as it should have been
-	and all your parameters will be offset by one. Checking if the
-	word that follows starts with dash is also not possible because
-	that would not allow for passwords starting with dash. Feedback
-	of the password to the terminal is cut off to prevent
-	over-the-shoulder snooping and other social engineering
-	techniques.
+	requires the user to give it as the last parameter. The entered
+	password is not echoed back to the terminal in order to prevent
+	over-the-shoulder snooping or other social engineering
+	techniques. Alternatively, you can set the password via the
+	KEA_ADMIN_DB_PASSWORD environment variable.
 	(Gitlab #1675)

 1884.	[doc]		fdupont
--- a/doc/sphinx/man/kea-admin.8.rst
+++ b/doc/sphinx/man/kea-admin.8.rst
@ -72,7 +72,9 @@ Arguments
 ``-p|--password password``
   Specifies the password when connecting to a database.
   If only ``-p`` or ``--password`` is given, the user is prompted for a password.
-   If not specified at all, the default value of **keatest** is used.
+   If not specified at all, the **KEA_ADMIN_DB_PASSWORD** environment variable
+   is checked for a value and used if it exists.
+   Otherwise the default value of **keatest** is used.

 ``-n|--name database-name``
   Specifies the name of the database to connect to. If not specified, the
--- a/src/bin/admin/kea-admin.in
+++ b/src/bin/admin/kea-admin.in
@ -749,6 +749,7 @@ do
            ;;
        # Specify database password
        -p|--password)
+            password_parameter_passed=true
            # If there is at least one more parameter following...
            if test "${#}" -gt 1; then
                # Then take it as password.
@ -819,6 +820,14 @@ do
    shift
 done

+# After all the parameters have been parsed, check environment variables.
+if test -z "${password_parameter_passed+x}"; then
+    if test -n "${KEA_ADMIN_DB_PASSWORD+x}"; then
+        printf 'Using the value of KEA_ADMIN_DB_PASSWORD for authentication...\n'
+        db_password="${KEA_ADMIN_DB_PASSWORD}"
+    fi
+fi
+
 case ${command} in
    # Initialize the database
    db-init)