Accept SECRET_KEY using prompt and standard input.

The secret -key is taken as an input from promt and stdin . This is done to avoid the credetials shown
in ps aux command. Adding a new user asks for a password to enter.

cmd/admin-user-add.go

@@ -17,19 +17,28 @@
 package cmd
 
 import (
+ "fmt"
+
+ prompt "github.com/c-bata/go-prompt"
  "github.com/fatih/color"
  "github.com/minio/cli"
  json "github.com/minio/mc/pkg/colorjson"
  "github.com/minio/mc/pkg/console"
  "github.com/minio/mc/pkg/probe"
 )
 
+var userAddFlags = []cli.Flag{
+ cli.BoolFlag{
+ Name: "stdin",
+ Usage: "allow a stdin remove operation",
+ },
+}
 var adminUserAddCmd = cli.Command{
  Name: "add",
  Usage: "add a new user",
  Action: mainAdminUserAdd,
  Before: setGlobalsFromContext,
- Flags: globalFlags,
+ Flags: append(userAddFlags, globalFlags...),
  CustomHelpTemplate: `NAME:
  {{.HelpName}} - {{.Usage}}
 
@@ -43,16 +52,27 @@ FLAGS:
  {{range .VisibleFlags}}{{.}}
  {{end}}
 EXAMPLES:
- 1. Add a new user 'foobar' to MinIO server with policy 'writeonly'.
+ 1. Add a new user 'foobar' to MinIO server with policy 'writeonly'. Prompts for a psssword.
+ $ set +o history
+ $ {{.HelpName}} myminio foobar writeonly
+ Enter Password >>>foo12345
+ $ set -o history
+ 2. Add a new user 'foobar' to MinIO server with policy 'writeonly'. Prompts for a psssword.
+ $ set +o history
+ $ {{.HelpName}} myminio foobar writeonly
+ Enter Password >>>foo12345
  $ set -o history
-  $ {{.HelpName}} myminio foobar foo12345 writeonly
+ 3. Add a new user 'foobar' to MinIO server with policy 'writeonly' using standard input.
  $ set +o history
+ $ echo foobar123 | {{.HelpName}} --stdin myminio foobar writeonly
+ $ set -o history 
+ 
 `,
 }
 
 // checkAdminUserAddSyntax - validate all the passed arguments
 func checkAdminUserAddSyntax(ctx *cli.Context) {
- if len(ctx.Args()) != 4 {
+ if len(ctx.Args()) != 3 {
  cli.ShowCommandHelpAndExit(ctx, "add", 1) // last argument is exit code
  }
 }
@@ -108,17 +128,27 @@ func mainAdminUserAdd(ctx *cli.Context) error {
 
  console.SetColor("UserMessage", color.New(color.FgGreen))
 
+ stdin := ctx.Bool("stdin")
+
  // Get the alias parameter from cli
  args := ctx.Args()
  aliasedURL := args.Get(0)
 
+ secretKey := ""
+ if stdin {
+ fmt.Scanln(&secretKey)
+ } else {
+ secretKey = prompt.Input("Enter Password >>> ", completer,
+ prompt.OptionPrefixTextColor(prompt.Yellow))
+ }
+
  // Create a new MinIO Admin Client
  client, err := newAdminClient(aliasedURL)
  fatalIf(err, "Cannot get a configured admin connection.")
 
- fatalIf(probe.NewError(client.AddUser(args.Get(1), args.Get(2))).Trace(args...), "Cannot add new user")
+ fatalIf(probe.NewError(client.AddUser(args.Get(1), secretKey)).Trace(args...), "Cannot add new user")
 
- fatalIf(probe.NewError(client.SetUserPolicy(args.Get(1), args.Get(3))).Trace(args...), "Cannot set user policy for new user")
+ fatalIf(probe.NewError(client.SetUserPolicy(args.Get(1), args.Get(2))).Trace(args...), "Cannot set user policy for new user")
 
  printMsg(userMessage{
  op: "add",

cmd/config-host-add.go

@@ -17,9 +17,11 @@
 package cmd
 
 import (
+ "fmt"
  "math/rand"
  "time"
 
+ prompt "github.com/c-bata/go-prompt"
  "github.com/fatih/color"
  "github.com/minio/cli"
  "github.com/minio/mc/pkg/console"
@@ -36,6 +38,10 @@ var hostAddFlags = []cli.Flag{
  Name: "api",
  Usage: "API signature. Valid options are '[S3v4, S3v2]'",
  },
+ cli.BoolFlag{
+ Name: "stdin",
+ Usage: "allow a standard input in adding host",
+ },
 }
 var configHostAddCmd = cli.Command{
  Name: "add",
@@ -55,47 +61,57 @@ FLAGS:
  {{range .VisibleFlags}}{{.}}
  {{end}}
 EXAMPLES:
- 1. Add Amazon S3 storage service under "mys3" alias. For security reasons turn off bash history momentarily.
+ 1. Add Amazon S3 storage service under "mys3" alias. For security reasons turn off bash history momentarily. Console prompts for the secret key.
  $ set +o history
  $ {{.HelpName}} mys3 https://s3.amazonaws.com \
- BKIKJAA5BMMU2RHO6IBB V8f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12
+ BKIKJAA5BMMU2RHO6IBB 
+ Enter Secret Key >>>V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12
  $ set -o history
 
- 2. Add Amazon S3 accelerated storage service under "mys3-accel" alias. For security reasons turn off bash history momentarily.
+ 2. Add Amazon S3 accelerated storage service under "mys3-accel" alias. For security reasons turn off bash history momentarily. Console prompts for the secret key.
  $ set +o history
  $ {{.HelpName}} mys3-accel https://s3-accelerate.amazonaws.com \
- BKIKJAA5BMMU2RHO6IBB V8f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12
+ BKIKJAA5BMMU2RHO6IBB 
+ Enter Secret Key >>>V8f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 
  $ set -o history
 
- 3. Add Amazon S3 IAM temporary credentials with limited access, please make sure to override the signature probe by explicitly
- providing the signature type.
+ 3. Add Amazon S3 IAM temporary credentials with limited access, please make sure to override the signature probe by explicitly. 
+ providing the signature type. Console prompts for the secret key.
  $ set +o history
  $ {{.HelpName}} mys3-iam https://s3.amazonaws.com \
- BKIKJAA5BMMU2RHO6IBB V8f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 --api "s3v4"
+ BKIKJAA5BMMU2RHO6IBB --api "s3v4"
+ Enter Secret Key >>>V8f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12
  $ set -o history
 
- 4. Add S3 API compatible storage service under "myminio" alias, to use dns style bucket lookup. For security reasons turn off bash history momentarily.
- $ set +o history
- $ {{.HelpName}} myminio http://localhost:9000 \
- minio minio123 --api "s3v4" --lookup "dns"
- $ set -o history
+ 4. Add S3 API compatible storage service under "myminio" alias, to use dns style bucket lookup. For security reasons turn off bash history momentarily. Console prompts for the secret key.
+ $ set +o history
+ $ {{.HelpName}} myminio http://localhost:9000 \
+ minio --api "s3v4" --lookup "dns"
+ Enter Secret Key >>>minio123
+ $ set -o history
+
+ 5. Add Amazon S3 storage service under "mys3" alias with secret key passed using standard input. For security reasons turn off bash history momentarily. 
+ $ set +o history
+ $ echo V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 | {{.HelpName}} --stdin mys3 \
+ https://s3.amazonaws.com BKIKJAA5BMMU2RHO6IBB 
+ $ set -o history 
 
 `,
 }
 
 // checkConfigHostAddSyntax - verifies input arguments to 'config host add'.
-func checkConfigHostAddSyntax(ctx *cli.Context) {
+func checkConfigHostAddSyntax(ctx *cli.Context, secretKey string) {
  args := ctx.Args()
  argsNr := len(args)
- if argsNr < 4 || argsNr > 5 {
+ if argsNr < 3 || argsNr > 4 {
  fatalIf(errInvalidArgument().Trace(ctx.Args().Tail()...),
  "Incorrect number of arguments for host add command.")
  }
 
  alias := args.Get(0)
  url := args.Get(1)
  accessKey := args.Get(2)
- secretKey := args.Get(3)
+ //secretKey := args.Get(3)
  api := ctx.String("api")
  bucketLookup := ctx.String("lookup")
  if !isValidAlias(alias) {
@@ -221,19 +237,33 @@ func buildS3Config(url, accessKey, secretKey, api, lookup string) (*Config, *pro
  return s3Config, nil
 }
 
+// completer returns the suggested item from Document
+func completer(t prompt.Document) []prompt.Suggest {
+ return []prompt.Suggest{}
+}
+
 func mainConfigHostAdd(ctx *cli.Context) error {
- checkConfigHostAddSyntax(ctx)
 
  console.SetColor("HostMessage", color.New(color.FgGreen))
  var (
  args = ctx.Args()
  url = trimTrailingSeparator(args.Get(1))
  accessKey = args.Get(2)
- secretKey = args.Get(3)
  api = ctx.String("api")
+ stdin = ctx.Bool("stdin")
  lookup = ctx.String("lookup")
  )
 
+ secretKey := ""
+ if stdin {
+ fmt.Scanln(&secretKey)
+ } else {
+ secretKey = prompt.Input("Enter Secret Key >>> ", completer,
+ prompt.OptionPrefixTextColor(prompt.Yellow))
+ }
+
+ checkConfigHostAddSyntax(ctx, secretKey)
+
  s3Config, err := buildS3Config(url, accessKey, secretKey, api, lookup)
  fatalIf(err.Trace(ctx.Args()...), "Unable to initialize new config from the provided credentials.")
 

docs/minio-admin-complete-guide.md

@@ -92,13 +92,22 @@ MinIO server displays URL, access and secret keys.
 #### Usage
 
 ```sh
-mc config host add <ALIAS> <YOUR-MINIO-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY>
+mc config host add <ALIAS> <YOUR-MINIO-ENDPOINT> <YOUR-ACCESS-KEY>
+
+```
+
+```sh
+Enter Secret Key >>><YOUR-SECRET-KEY>
 ```
 
 Alias is simply a short name to your MinIO service. MinIO end-point, access and secret keys are supplied by your MinIO service. Admin API uses "S3v4" signature and cannot be changed.
 
 ```sh
-mc config host add minio http://192.168.1.51:9000 BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12
+mc config host add minio http://192.168.1.51:9000 BKIKJAA5BMMU2RHO6IBB
+```
+
+```sh
+Enter Secret Key >>>V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12
 ```
 
 ## 4. Test Your Setup
@@ -336,10 +345,16 @@ COMMANDS:
  list list all users
 ```
 
-*Example: Add a new user 'newuser' on MinIO, with 'newpolicy' policy.*
+*Example: Add a new user 'newuser' on MinIO, with 'newpolicy' policy. Prompts for password*
+
+```sh
+mc admin user add myminio/ newuser newpolicy
+Enter Password >>>newuser123
+```
+*Example: Add a new user 'newuser' on MinIO, with 'newpolicy' policy using standard input*
 
 ```sh
-mc admin user add myminio/ newuser newuser123 newpolicy
+echo newuser123 | mc admin user add myminio/ newuser newpolicy
 ```
 
 *Example: Change policy for a user 'newuser' on MinIO to 'writeonly' policy.*

docs/minio-client-complete-guide.md

@@ -117,8 +117,13 @@ To add one or more Amazon S3 compatible hosts, please follow the instructions be
 #### Usage
 
 ```sh
-mc config host add <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY> <API-SIGNATURE>
+mc config host add <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <API-SIGNATURE>
 ```
+This prompts for secret key.
+```sh
+Enter Secret Key >>><YOUR-SECRET-KEY>
+```
+
 
 Alias is simply a short name to your cloud storage service. S3 end-point, access and secret keys are supplied by your cloud storage provider. API signature is an optional argument. By default, it is set to "S3v4".
 
@@ -127,23 +132,43 @@ MinIO server displays URL, access and secret keys.
 
 
 ```sh
-mc config host add minio http://192.168.1.51 BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 --api S3v4
+mc config host add minio http://192.168.1.51 BKIKJAA5BMMU2RHO6IBB --api S3v4
+```
+This prompts for secret key.
+```sh
+Enter Secret Key >>>V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12
 ```
 
 ### Example - Amazon S3 Cloud Storage
 Get your AccessKeyID and SecretAccessKey by following [AWS Credentials Guide](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html).
 
 ```sh
-mc config host add s3 https://s3.amazonaws.com BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 --api S3v4
+mc config host add s3 https://s3.amazonaws.com BKIKJAA5BMMU2RHO6IBB --api S3v4
+```
+This prompts for secret key.
+```sh
+Enter Secret Key >>>V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12
 ```
 
 ### Example - Google Cloud Storage
 Get your AccessKeyID and SecretAccessKey by following [Google Credentials Guide](https://cloud.google.com/storage/docs/migrating?hl=en#keys)
 
 ```sh
-mc config host add gcs https://storage.googleapis.com BKIKJAA5BMMU2RHO6IBB V8f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 --api S3v2
+mc config host add gcs https://storage.googleapis.com BKIKJAA5BMMU2RHO6IBB --api S3v2
+```
+```sh
+Enter Secret Key >>>V8f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12
+```
+
+### Example - MinIO Cloud Storage using standard input
+MinIO server displays URL, access and secret keys.
+
+
+```sh
+echo V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 | mc config host add minio --stdin http://192.168.1.51 BKIKJAA5BMMU2RHO6IBB --api S3v4
 ```
 
+
 NOTE: Google Cloud Storage only supports Legacy Signature Version 2, so you have to pick - S3v2
 
 ### Specify host configuration through environment variable
@@ -1032,9 +1057,18 @@ Add MinIO server access and secret keys to config file host entry. Note that, th
 
 ```sh
 set +o history
-mc config host add myminio http://localhost:9000 OMQAGGOL63D7UNVQFY8X GcY5RHNmnEWvD/1QxD3spEIGj+Vt9L7eHaAaBTkJ
+mc config host add myminio http://localhost:9000 OMQAGGOL63D7UNVQFY8X
+Enter Secret Key >>>GcY5RHNmnEWvD/1QxD3spEIGj+Vt9L7eHaAaBTkJ
 set -o history
 ```
+Add MinIO server access and secret keys to config file host entry using standard input.
+```sh
+set +o history
+echo GcY5RHNmnEWvD/1QxD3spEIGj+Vt9L7eHaAaBTkJ | mc config host add myminio --stdin http://localhost:9000 OMQAGGOL63D7UNVQFY8X 
+set -o history
+```
+
+
 
 <a name="update"></a>
 ### Command `update` - Software Updates

functional-tests.sh

@@ -25,7 +25,7 @@
 # as MinIO server.
 #
 # * For other, call this script with environment variables MINT_MODE,
-# MINT_DATA_DIR, SERVER_ENDPOINT, ACCESS_KEY, SECRET_KEY and ENABLE_HTTPS. It
+# MINT_DATA_DIR, SERVER_ENDPOINT, ACCESS_KEY, SECRET_KEY and ENABLE_HTTPS. It 
 # uses mc executable binary in current working directory and uses given MinIO
 # server to run tests. MINT_MODE is set by mint to specify what category of
 # tests to run.
@@ -598,7 +598,7 @@ function test_config_host_add()
  show "${FUNCNAME[0]}"
  start_time=$(get_time)
 
- assert_success "$start_time" "${FUNCNAME[0]}" mc_cmd config host add "${SERVER_ALIAS}1" "$ENDPOINT" "$ACCESS_KEY" "$SECRET_KEY"
+ assert_success "$start_time" "${FUNCNAME[0]}" $( echo "$SECRET_KEY" | mc_cmd config host add --stdin "${SERVER_ALIAS}1" "$ENDPOINT" "$ACCESS_KEY" )
  assert_success "$start_time" "${FUNCNAME[0]}" mc_cmd config host list "${SERVER_ALIAS}1"
 
  log_success "$start_time" "${FUNCNAME[0]}"
@@ -609,7 +609,7 @@ function test_config_host_add_error()
  show "${FUNCNAME[0]}"
  start_time=$(get_time)
 
- out=$("${MC_CMD[@]}" --json config host add "${SERVER_ALIAS}1" "$ENDPOINT" "$ACCESS_KEY" "invalid-secret")
+ out=$(echo "invalid-secret" | "${MC_CMD[@]}" --json config host add --stdin "${SERVER_ALIAS}1" "$ENDPOINT" "$ACCESS_KEY")
  assert_failure "$start_time" "${FUNCNAME[0]}" show_on_success $? "adding host should fail"
  got_code=$(echo "$out" | jq -r .error.cause.error.Code)
  if [ "${got_code}" != "SignatureDoesNotMatch" ]; then
@@ -920,10 +920,10 @@ function __init__()
  echo "unable to get md5sum of $FILE_65_MB"
  exit 1
  fi
- assert_success "$start_time" "${FUNCNAME[0]}" mc_cmd config host add "${SERVER_ALIAS}" "$ENDPOINT" "$ACCESS_KEY" "$SECRET_KEY"
- assert_success "$start_time" "${FUNCNAME[0]}" mc_cmd config host add "${SERVER_ALIAS_TLS}" "$ENDPOINT" "$ACCESS_KEY" "$SECRET_KEY"
+ assert_success  "$start_time" "${FUNCNAME[0]}" $( echo "$SECRET_KEY" | mc_cmd config host add --stdin "${SERVER_ALIAS}" "$ENDPOINT" "$ACCESS_KEY"  )
+ assert_success "$start_time" "${FUNCNAME[0]}" $(echo "$SECRET_KEY" | mc_cmd config host add --stdin "${SERVER_ALIAS_TLS}" "$ENDPOINT" "$ACCESS_KEY"  )
 
-  set +e
+ set +e
 }
 
 function main()