Merge pull request #2625 from enkore/issue/2623

docs: don't suggest to leak BORG_PASSPHRASE
2017-06-06 21:32:11 +02:00 · 2017-06-06 21:32:11 +02:00 · bdd5f7c1e9
parent 68b61acffd 3faafb1dee
commit bdd5f7c1e9
2 changed files with 3 additions and 2 deletions
--- a/docs/faq.rst
+++ b/docs/faq.rst
@ -266,6 +266,7 @@ See :ref:`encrypted_repos` for more details.
 .. _password_env:
 .. note:: Be careful how you set the environment; using the ``env``
          command, a ``system()`` call or using inline shell scripts
+          (e.g. ``BORG_PASSPHRASE=hunter12 borg ...``)
          might expose the credentials in the process list directly
          and they will be readable to all users on a system. Using
          ``export`` in a shell script file should be safe, however, as
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
@ -169,8 +169,8 @@ may be surprised that the following ``export`` has no effect on your command::
   export BORG_PASSPHRASE='complicated & long'
   sudo ./yourborgwrapper.sh  # still prompts for password

-For more information, see sudo(8) man page. Hint: see ``env_keep`` in
-sudoers(5), or try ``sudo BORG_PASSPHRASE='yourphrase' borg`` syntax.
+For more information, refer to the sudo(8) man page and ``env_keep`` in
+the sudoers(5) man page.

 .. Tip::
    To debug what your borg process is actually seeing, find its PID