Whatever we write on the Shell, its history is saved on the HISTFILE.
If you go and type history
on your terminal, you're going to see a list of all the commands you recently typed.
What is Shell's history?
Think of it like your browser history, where all the sites you have visited are stored, but when you don't want to keep that history, you switch to Incognito Mode. Like the browser, we can switch to Incognito Mode when working with secrets and other sensitive data that we don't want to be leaked on the history.
How many times have you done this to test out something, and the next thing you know, this is logged in your history
.
export AWS_PASSWORD="xyz#31"
All of our histories are saved on a file; depending on your shell environment, HISTFILE
can be in a certain location with a certain name.
echo $HISTFILE
# View the contents of HISTFILE
cat ${HISTFILE}
And how much history is saved is determined by the HISTSIZE
environment variable.
echo $HISTSIZE
You can change the HISTSIZE
to let's say store only the last 100 commands you have written.
export HISTSIZE=100
Incognito Mode on Bash shell
To use the Bash shell on Incognito mode all we have to do is unset the HISTFILE
.
unset HISTFILE
This will unset the history file for the current terminal session, meaning, if you restart the terminal session or open a new instance of the Bash shell, you won't find any history.
To see that in action, write some random unique commands you can identify on the terminal, and restart the terminal.
# Do random things
# ...
# Refresh bash session
exec bash
# Check history
history
Incognito mode on ZSH
ZSH has one of the easiest ways of disabling history, all you have to do is add a space in front of the command and that won't be listed on the HISTFILE
.
# space in front of the command
echo "Goodbye History"
And just like that, you won't have any history
. If this is not working out for you, go to the zsh configuration file, usually .zshrc
, and follow the instructions below.
# open the config file and write
setopt HIST_IGNORE_SPACE
# close and save the config file
# execute the contents of config file
source <path-to-zsh_config_file>
Incognito mode on Fish Shell
Fish shell has a built-in private mode that can be enabled with ease using:
fish --private
Once you are done with dealing with sensitive data, you can just exit from the private mode and there will be no single trace of history
.
# exit from private mode
exit
# check history
history
Conclusion
Hope this has been a helpful guide on working with sensitive data on your terminal. If you want to read more articles like this make sure to subscribe to my newsletter and YouTube channel.