openssl hmac and key on the command line

Francois rigault.francois at
Sun Aug 7 16:20:56 UTC 2022


I am reading some doc instructing me to run

    printf '%s' "${challenge}" | openssl dgst -sha1 -hmac ${APP_TOKEN}

Doing so would leak the APP_TOKEN on the command line arguments (so a
user running a "ps" at the right time would see the APP_TOKEN in
clear). Due to my machine setup,  programs started and their arguments
also end up in an audit log.

I am reading the documentation on, that
points at the preferred
, and all
the examples have the key in clear text on the command line.

Is there an equivalent command I can run that will not leak the key?

Best regards

More information about the openssl-users mailing list