CLI: provide password via environment variable

[NautiluX]

Use environment variable to unlock database

Summary

Currently, when using keepassxc-cli in scripts multiple times, I have to enter the password each time. I see that a cache as mentioned in this issue would mean a huge refactoring.

As a first easier step, I would like to be able to provide the password in an environment variable, so I can read it once at the beginning of my script and keepassxc-cli automatically uses it if the variable is set (guess that would be somewhere here).
I thought about implementing it right away, but I'd like to open a discussion around naming and usefulness.

Desired Behavior

Possible Solution

read environment variable (proposal: KEEPASS_DB_PASSWORD) here and use it to unlock database if set. If not, ask as before

Context

I want to execute multiple keepassxc-cli commands in one script without entering the password multiple times.

[droidmonkey]

That seems extraordinarily insecure. Just cache the password in a local variable

[NautiluX]

It's up to the user of it to use it in a secure or unsecure way I'd say. I don't see an issue in reading the password from CLI and use it in a script, it will only be stored in memory for the runtime of the script.

[droidmonkey]

We also have a open mode now in 2.5 that keeps the database open

[NautiluX]

sounds nice, can you point me to how to use it? Was looking for something like that, but didn't find anything in the help.

[droidmonkey]

man keepassxc-cli or add an -h after the command

[dverbeek84]

For people reading this issue:

echo "passsword" | keepassxc-cli ls vault.kdbx

[dzintars]

^ Just make sure to clean up the trails. echo is not the safest method.