add secure password input via env var and stdin prompt

main.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"os"
 
+	"golang.org/x/term"
 	"layeh.com/barnard/uiterm"
 	"layeh.com/gumble/gumble"
 	_ "layeh.com/gumble/opus"
@@ -15,12 +16,29 @@ func main() {
 	// Command line flags
 	server := flag.String("server", "localhost:64738", "the server to connect to")
 	username := flag.String("username", "", "the username of the client")
-	password := flag.String("password", "", "the password of the server")
+	password := flag.String("password", "", "the password of the server (use MUMBLE_PASSWORD env var instead)")
+	passwordPrompt := flag.Bool("password-prompt", false, "prompt for server password on stdin")
 	insecure := flag.Bool("insecure", false, "skip server certificate verification")
 	certificate := flag.String("certificate", "", "PEM encoded certificate and private key")
 
 	flag.Parse()
 
+	// Resolve password: env var > flag > prompt
+	pass := os.Getenv("MUMBLE_PASSWORD")
+	if pass == "" {
+		pass = *password
+	}
+	if pass == "" && *passwordPrompt {
+		fmt.Fprint(os.Stderr, "Password: ")
+		raw, err := term.ReadPassword(int(os.Stdin.Fd()))
+		fmt.Fprintln(os.Stderr)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "%s\n", err)
+			os.Exit(1)
+		}
+		pass = string(raw)
+	}
+
 	// Initialize
 	b := Barnard{
 		Config:  gumble.NewConfig(),
@@ -28,7 +46,7 @@ func main() {
 	}
 
 	b.Config.Username = *username
-	b.Config.Password = *password
+	b.Config.Password = pass
 
 	if *insecure {
 		b.TLSConfig.InsecureSkipVerify = true