From a5a4e3658ddc0c9692057ce5288fa1bb6f53bacc Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Mon, 29 Feb 2016 21:04:02 +0100
Subject: ask-password: add option --no-output to not print password to stdout

systemd-ask-password can store passwords in kernel keyring. However it
uses to print the passwords to standard output nevertheless. Depending
on where systemd-ask-password is called passwords may end on display
or in log, leaking sensitive information.
This allows to make systemd-ask-password quiet, effectively disabling
printing passwords to standard output.
---
 man/systemd-ask-password.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'man/systemd-ask-password.xml')

diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml
index 2a4d24349b..e84a15c554 100644
--- a/man/systemd-ask-password.xml
+++ b/man/systemd-ask-password.xml
@@ -192,6 +192,15 @@
         This will output one password per line.</para></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><option>--no-output</option></term>
+
+	<listitem><para>Do not print passwords to standard output.
+	This is useful if you want to store a password in kernel
+	keyring with <option>--keyname</option> but do not want it
+	to show up on screen or in logs.</para></listitem>
+      </varlistentry>
+
       <xi:include href="standard-options.xml" xpointer="help" />
     </variablelist>
 
-- 
cgit v1.2.3-54-g00ecf