Hide the Exported ENV Variables From the History

Photo by Kevin Horvat on Unsplash

Hi, happy to join your community. This is my first post, so I start from the simple one, but useful. Maybe you don’t know about it yet.

When you work with the Linux server, sometimes you export some environment variables. Some envs can be neutral like

NODE_ENV=production 

or something else, but sometimes it must be safe like 

GITHUB_API_KEY

 or 

MYSQL_PASSWORD

.

The problem is if anyone accesses the server bash and enters the history command it will see the secrets:

...
1989  export MYSQL_PASSWORD=my_secret_mysql_password
...
2000  history
To be safe, before working with the bash, export Linux history control environment variable which is called 

HISTCONTROL

.

$ export HISTCONTROL=ignorespace

ignorespace means that if you leave the space before any bash command, it will be ignored in history.

So while exporting the secret environment variable, enter the space before export

$ export HISTCONTROL=ignorespace
# keep in mind space before export
$  export MYSQL_PASSWORD=my_secret_mysql_password
$ history

So now, the Mysql password will be ignored in history

...
1999  export HISTCONTROL=ignorespace
2000  history
This method is not only for environment variables, but it can also hide any bash command, even 

export HISTCONTROL=ignorespace

 itself.

Good luck and be safe! 🙂

Previously published at https://dev.to/epranka/hide-the-exported-env-variables-from-the-history-49ni

read original article here