GELI passphrase and/or key via command line or environment

Joseph Kerian jkerian at gmail.com
Tue Aug 30 19:30:08 UTC 2011


On Tue, Aug 30, 2011 at 12:46 AM, grarpamp <grarpamp at gmail.com> wrote:

> For both init and attach (and even elsewhere where
> applicable), I'd like to be able to specify the passphrase
> and key material via the command line and/or the environment.
> Yes, we have -J/j and -K/k, but they only permit the use of files
> or standard in. And of course standard in is not an arbitrary
> file descriptor and as such is only usable once. So it cannot
> be used with both jay and kay. I use both jay and kay, and want
> to do so programmatically without blocking on keyboard input.
> In the current implementation, I cannot achieve this.
>
> I'm well aware of all security implications of command line
> and environment usage.
>
> Please offer your consideration of this feature request :)
> Thanks.
>

I realize this isn't quite the same thing, but if you're using bash, you can
achieve something like that with command file-redirection.

geli <cmd> -j <(echo "My j-file-contents") -k <(echo "My k-file-contents)

If you want to see how this works, try variants on it
cat <(echo "foo")
echo <(echo "foo")
ls -la <(echo "foo")


-- 
--
Joe Kerian
Email: jkerian at gmail.com


More information about the freebsd-geom mailing list