From 322dbb887c2835d1e0fd56d062985dbfd7f649bb Mon Sep 17 00:00:00 2001
From: VonC <vonc@laposte.net>
Date: Thu, 6 Oct 2022 12:00:40 +0200
Subject: [PATCH] internal/credhelper/set.go: obfuscate by default, add
 password only for cmd execution

---
 internal/credhelper/set.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/credhelper/set.go b/internal/credhelper/set.go
index 5ab3020..ca665ce 100644
--- a/internal/credhelper/set.go
+++ b/internal/credhelper/set.go
@@ -21,8 +21,8 @@ func (ch *credHelper) Set(username, password, servername string) error {
 	if password == "" {
 		return fmt.Errorf("set: password is mandatory")
 	}
-	cmd := fmt.Sprintf("printf \"host=%s\\nprotocol=https\\nusername=%s\\npassword=%s\"|\"%s\" store", servername, username, password, ch.exe)
-	obfuscatedCmd := rePassword.ReplaceAllString(cmd, `password=xxxx"`)
+	obfuscatedCmd := fmt.Sprintf("printf \"host=%s\\nprotocol=https\\nusername=%s\\npassword=xxxx\"|\"%s\" store", servername, username, ch.exe)
+	cmd := rePassword.ReplaceAllString(obfuscatedCmd, fmt.Sprintf(`password=%s"`, password))
 	fmt.Println(obfuscatedCmd)
 	_, _, err := syscall.ExecCmd(cmd)