Force restic to ask the password when adding a key.

As `restic key add` uses the same `ReadPasswordTwice()` as the
rest of restic, it is sensitive to the environment variable
RESTIC_PASSWORD or --password-file= override.

When asking for the new key, temporary remove these 2 overrides, forcing
the password to be asked.
This commit is contained in:
Pauline Middelink 2017-07-24 22:00:44 +02:00
parent 608adf15a3
commit d9b9bbd4a8

View file

@ -3,6 +3,7 @@ package main
import (
"context"
"fmt"
"os"
"github.com/restic/restic/internal/errors"
"github.com/restic/restic/internal/repository"
@ -59,7 +60,16 @@ func getNewPassword(gopts GlobalOptions) (string, error) {
return testKeyNewPassword, nil
}
return ReadPasswordTwice(gopts,
// Since we already have an open repository, temporary remove the overrides
// to prompt the user for their passwd
oldPasswd := os.Getenv("RESTIC_PASSWORD")
defer func() { os.Setenv("RESTIC_PASSWORD", oldPasswd) }()
os.Unsetenv("RESTIC_PASSWORD")
newopts := gopts
newopts.password = ""
newopts.PasswordFile = ""
return ReadPasswordTwice(newopts,
"enter password for new key: ",
"enter password again: ")
}