I'm new to bitcoin and I'm very concerned about keeping my wallet secure. As I prefer CLIs over GUIs for many reasons including security, I'm learning how to use the bitcoin-cli command on GNU/Linux. In particular, the command bitcoin-cli walletpassphrase lets you unlock your wallet for a specified amount of time in order to make a transaction. You're expected to run this command like so:
bitcoin-cli walletpassphrase p4$$w0rd 45
Where the last two arguments are the plaintext password and the unlock time in seconds. That's clearly not secure at all because your password is going to be stored in plaintext in ~/.bash_history, and also someone could be watching you type your plaintext unobfuscated password over your shoulder, or also scroll back afterwards.
So, after trying some suggestions in this related post, I came up with a very simple solution. I have to mention that I use pass for storing my passwords:
pass bitcoin | xargs -I '{}' bitcoin-cli walletpassphrase '{}' 45
In other words, I use a pipe and xargs (see this post) to input my password and avoid all the aforementioned security issues.
My question is: is this really secure? Is there any possibility for an attacker to somehow obtain my password while it is travelling from pass to bitcoin-cli? Any other thoughts about this?
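An added example, not part of the original post: a Linux shell check of whether a secret handed to a child process through xargs shows up in that child's argument list, next to a variant where the child reads it from standard input. It assumes a mounted /proc; `fake-cli` is a hypothetical stand-in name (bitcoin-cli and pass are not invoked) and the secret is constructed for the demo.

```shell
#!/bin/sh
# Constructed secret for the demo; $$ makes it unique to this run.
SECRET="constructed-demo-secret-$$"

# Return 0 if any visible process has $1 in its argument list.
# On Linux, /proc/<pid>/cmdline is readable by other local users by default.
secret_in_any_argv() {
    for f in /proc/[0-9]*/cmdline; do
        args=$(2>/dev/null tr '\000' ' ' < "$f") || continue
        case "$args" in *"$1"*) return 0 ;; esac
    done
    return 1
}

# Same shape as the pipeline in the question: xargs copies the secret into
# the child's argv. "sh -c ... fake-cli" is a stand-in for bitcoin-cli.
via_xargs_argv() {
    printf '%s\n' "$SECRET" |
        xargs -I '{}' sh -c 'sleep 2; :' fake-cli walletpassphrase '{}' 45 &
    sleep 1
    rc=0; secret_in_any_argv "$SECRET" || rc=$?
    wait
    return "$rc"
}

# Alternative shape: the child reads the secret from its standard input, so
# it only ever exists in the pipe and in the child's memory.
# With the real tool this corresponds to bitcoin-cli's -stdin option, e.g.
#   { pass bitcoin | head -n 1; echo 45; } | bitcoin-cli -stdin walletpassphrase
via_stdin() {
    printf '%s\n' "$SECRET" |
        sh -c 'read -r line; sleep 2; :' fake-cli -stdin walletpassphrase &
    sleep 1
    rc=0; secret_in_any_argv "$SECRET" || rc=$?
    wait
    return "$rc"
}

if via_xargs_argv; then echo "xargs form: secret visible in a process argv"; fi
if via_stdin; then :; else echo "stdin form: secret not in any argv"; fi
```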