gabriel / muse public
patch task/secure-passphrase-fd #1 / 1
AI Agent gabriel · 59 days ago · Apr 17, 2026 · Diff

security: replace --passphrase PHRASE with --passphrase-fd and getpass

Remove --passphrase PHRASE from auth keygen/recover/rotate — it was visible in ps aux and /proc/pid/cmdline to any local user on the system.

Safe delivery channels in priority order:
1. --passphrase-fd N — pipe fd; never appears in process table
2. MUSE_BIP39_PASSPHRASE env var — visible to owner in /proc/pid/environ
3. Interactive getpass prompt — TTY only, no echo
4. Empty string — standard BIP-39 behaviour

Add module-level _isatty() / _getpass() hooks for test monkeypatching. Add 11 tests in test_passphrase_secure.py covering fd, getpass, flag rejection, and priority order. Update test_bip39_passphrase.py and test_auth_rotate.py to use the new interface.

sha256:e3216d3355ffd8fca6eabb7732ca88dc7024cb7f79a6592f0a67099307afcfa7 sha
sha256:9837850fb8e1cec9e66ae38cd1d0d22f067eb5215e2a26e3018c354d777e6853 snapshot
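
The priority order listed in the commit message, as an added Python example (not the muse project's code). The function names, the injectable `isatty`/`prompt` hooks, the length cap and the stripping of one trailing newline are assumptions; only the `MUSE_BIP39_PASSPHRASE` name and the order of channels come from the page.

```python
import getpass
import os
import sys

ENV_VAR = "MUSE_BIP39_PASSPHRASE"  # name taken from the commit message
MAX_LEN = 4096  # assumed cap so a wrong descriptor cannot feed unbounded data


def read_passphrase_fd(fd):
    """Read until EOF from an inherited descriptor, then close it."""
    data = b""
    try:
        while True:
            chunk = os.read(fd, 1024)
            if not chunk:
                break
            data += chunk
            if len(data) > MAX_LEN:
                raise ValueError("passphrase on fd exceeds MAX_LEN")
    finally:
        os.close(fd)  # do not leave the secret's channel open for child processes
    # Assumption: a single trailing newline is the writer's line ending,
    # not part of the secret.
    if data.endswith(b"\n"):
        data = data[:-1]
    return data.decode("utf-8")


def resolve_passphrase(fd=None, environ=None, isatty=None, prompt=None):
    """Return the passphrase from the highest-priority channel present."""
    environ = os.environ if environ is None else environ
    if fd is not None:                       # 1. pipe fd, absent from ps output
        return read_passphrase_fd(fd)
    if ENV_VAR in environ:                   # 2. env var, owner-readable only
        return environ[ENV_VAR]
    if (isatty or sys.stdin.isatty)():       # 3. interactive prompt, no echo
        return (prompt or getpass.getpass)("BIP-39 passphrase: ")
    return ""                                # 4. standard BIP-39 empty passphrase
```

From a shell, the descriptor can be supplied without the secret reaching argv, for example `--passphrase-fd 3 3< <(pass show muse)`, where `pass show muse` stands in for whatever secret store is in use.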