Backing Up Without Exposing Password

cbbackup takes a password on the command line, which puts that password at risk of being exposed by any user on that server doing a ps().

Is it possible to initiate a backup (and restore) without providing the password in argv? Maybe there is a way to set an env variable that will be read by tools instead of reading argv?

If that isn't possible, how about a REST interface? I looked over the docs, but didn't see anything in the summary about starting a backup over REST.

An alternative would be for me to call the python library functions directly, but I'd like to avoid that if possible.

Any other ideas? Thanks in advance...

1 Answer

« Back to question.

I ended up writing about 75 lines of python as a wrapper that would fetch the password from a file on disk and then pass that to pump_transfer's Backup class. It seems to work so far, just less than ideal. I'd love to see Couchbase provide a standard way to avoid passing passwords on the command line.