From 96abc4952a2a18a4b5a767a98aab3619a205de08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Medek?= Date: Thu, 4 Dec 2025 11:15:34 +0100 Subject: [PATCH] feat: read user and password from environment variables - read environment variables BLAZECTL_USER and BLAZECTL_USER to avoid visible credentials in process list - added new section on environment variables to README.md --- README.md | 13 +++++++++++-- cmd/root.go | 13 +++++++++++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index b37d15f..09d785c 100644 --- a/README.md +++ b/README.md @@ -53,14 +53,23 @@ Flags: -h, --help help for blazectl -k, --insecure allow insecure server connections when using SSL --no-progress don't show progress bar - --password string password information for basic authentication + --password string password information for basic authentication (env: BLAZECTL_PASSWORD) --token string bearer token for authentication - --user string user information for basic authentication + --user string user information for basic authentication (env: BLAZECTL_USER) -v, --version version for blazectl Use "blazectl [command] --help" for more information about a command. ``` +### Environment Variables + +To avoid visible credentials in the process list (e.g. by `ps`) by passing username and password on the command line, you can also provide them via environment variables: +```sh +export BLAZECTL_USER="myuser" +export BLAZECTL_PASSWORD="myS3cr3T" +blazectl upload --server http://localhost:8080/fhir my/bundles +``` + ### Upload You can use the upload command to upload transaction bundles to your server. Currently, JSON (*.json), [gzip compressed][7] JSON (*.json.gz), [bzip2 compressed][8] JSON (*.json.bz2) and NDJSON (*.ndjson) files are supported. If you don't have any transaction bundles, you can generate some with [SyntheaTM][5]. diff --git a/cmd/root.go b/cmd/root.go index c916bb8..8fd5942 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -53,6 +53,15 @@ func createClient() error { } func clientAuth() fhir.Auth { + // check for environment variables + var envUser = os.Getenv("BLAZECTL_USER") + if basicAuthUser == "" && envUser != "" { + basicAuthUser = envUser + } + var envPassword = os.Getenv("BLAZECTL_PASSWORD") + if basicAuthPassword == "" && envPassword != "" { + basicAuthPassword = envPassword + } if basicAuthUser != "" && basicAuthPassword != "" { return fhir.BasicAuth{User: basicAuthUser, Password: basicAuthPassword} } else if bearerToken != "" { @@ -85,8 +94,8 @@ func Execute() { func init() { rootCmd.PersistentFlags().BoolVarP(&disableTlsSecurity, "insecure", "k", false, "allow insecure server connections when using SSL") rootCmd.PersistentFlags().StringVar(&caCert, "certificate-authority", "", "path to a cert file for the certificate authority") - rootCmd.PersistentFlags().StringVar(&basicAuthUser, "user", "", "user information for basic authentication") - rootCmd.PersistentFlags().StringVar(&basicAuthPassword, "password", "", "password information for basic authentication") + rootCmd.PersistentFlags().StringVar(&basicAuthUser, "user", "", "user information for basic authentication (env: BLAZECTL_USER)") + rootCmd.PersistentFlags().StringVar(&basicAuthPassword, "password", "", "password information for basic authentication (env: BLAZECTL_PASSWORD)") rootCmd.PersistentFlags().StringVar(&bearerToken, "token", "", "bearer token for authentication") rootCmd.PersistentFlags().BoolVarP(&noProgress, "no-progress", "", false, "don't show progress bar") }