return b64;
}
+static char *masked_key(const unsigned char masked_key[static WG_KEY_LEN])
+{
+ const char *var = getenv("WG_HIDE_KEYS");
+ if (var && !strcmp(var, "never"))
+ return key(masked_key);
+ return "(hidden)";
+}
+
static char *ip(const struct wgipmask *ip)
{
static char buf[INET6_ADDRSTRLEN + 1];
if (memcmp(device->public_key, zero, WG_KEY_LEN))
terminal_printf(" " TERMINAL_BOLD "public key" TERMINAL_RESET ": %s\n", key(device->public_key));
if (memcmp(device->private_key, zero, WG_KEY_LEN))
- terminal_printf(" " TERMINAL_BOLD "private key" TERMINAL_RESET ": %s\n", key(device->private_key));
+ terminal_printf(" " TERMINAL_BOLD "private key" TERMINAL_RESET ": %s\n", masked_key(device->private_key));
if (memcmp(device->preshared_key, zero, WG_KEY_LEN))
- terminal_printf(" " TERMINAL_BOLD "pre-shared key" TERMINAL_RESET ": %s\n", key(device->preshared_key));
+ terminal_printf(" " TERMINAL_BOLD "pre-shared key" TERMINAL_RESET ": %s\n", masked_key(device->preshared_key));
if (device->port)
terminal_printf(" " TERMINAL_BOLD "listening port" TERMINAL_RESET ": %u\n", device->port);
if (device->num_peers) {
.TP
.I WG_COLOR_MODE
If set to \fIalways\fP, always print ANSI colorized output. If set to \fInever\fP, never print ANSI colorized output. If set to \fIauto\fP, something invalid, or unset, then print ANSI colorized output only when writing to a TTY.
+.TP
+.I WG_HIDE_KEYS
+If set to \fInever\fP, then the pretty-printing \fBshow\fP sub-command will show private and pre-shared keys in the output. If set to \fIalways\fP, something invalid, or unset, then private and pre-shared keys will be printed as "(hidden)".
.SH SEE ALSO
.BR ip (8),
projects / thirdparty / wireguard-tools.git / commitdiff
