How to Use Encrypted Passwords in Shell Scripts on Linux

Bash scripts are an important part of a system administrator’s job. They allow you to automate both mundane and critical tasks.

One of the best things about scripts is that they can run independently without human intervention, but sometimes it can be difficult to automate tasks that require user passwords. Let’s look at how you can safely automate scripts that require passwords without compromising security.

Creating a simple script

Let’s say you want to create a simple script that will backup your Linux home folder to a remote location so you can easily restore your data in case of data loss.

First, create a bash script file in your home folder using the touch command or some other method and name it Feel free to use any name and directory of your choice.

The script uses the rsync Command, a powerful file copy tool to backup all files in your local home directory to a remote server.

Copy and paste the contents of the following script into your bash file. Remember to replace the user john with the correct name of your local home user. Also, provide the correct username and IP address for the remote server.

rsync -avl --mkpath /home/john user_name@remote_server/home/Backup

If you don’t have a remote server to test with, you can just install VirtualBox and set up a VM on your local machine. Use the VM guest as your remote server.

Save the file. To run the script, you must grant it execute permission with the command sudo chmod 755. All users can run the script, but only the sudo users can modify the file.

Finally, run the bash script from the terminal with the following command:


Whenever you run this script, you will be prompted for the remote server’s password. This is not ideal if you want to run the script without human intervention, e.g. B. when using cron.

Automate password login

To install sshpassa non-interactive password provider, on your local PC or the PC from which you run the script.

On Debian-based distributions

If you are using a Debian based distribution such as Ubuntu, Pop!_OS and Lubuntu:

sudo apt update && sudo apt install sshpass

On RHEL and Fedora

dnf install sshpass

After installing sshpass, change the script to look like the following.

sshpass -p "yourpassword" rsync -avl --mkpath /home/john user_name@remote_server/home/Backup

Enter the password in plain text here. Obviously this is not the ideal way as it is not safe and not good practice. If the script ever gets into the wrong hands, you’re in big trouble.

To make this more secure we use GnuPG, a secure and open source encryption tool.

Encrypt your password

GnuPG is installed by default on most Linux systems, but in case you don’t have it installed on your system, you can install GnuPG as follows.

Create a hidden file named secrets with the command Touch .Secrets. Since we’ve hidden the file by default as an extra security measure, here’s how to view hidden files on Linux.

In the Secrets file, enter and save your remote PC’s password.

Next, encrypt the file with the gpg Command.

sudo gpg .secrets

You will be asked to enter a secure and strong passphrase to open the encrypted file.

GnuPG creates a new file with the extension .gpg appended to the old filename. Your new filename should now be Secrets.gpgassuming you used those secrets filename.

If you merge the contents of secrets.gpg with the Cat command, you will be presented with gibberish text to show that your password is encrypted.

To view the contents of the file in plain text, you need to decrypt it with the following command (you will be prompted to enter the password you set during encryption):

gpg -dq secrect.gpg

Using an encrypted password in your script

To use the encrypted password in the script, update the script as follows:

gpg -dq secrets.gpg | sshpass rsync -avl --mkpath /home/john user_name@remote_server/home/Backup

Run the backup scripts again and this time you will not be prompted for a password.

Automate tasks with bash scripts

Commonly used for securing sensitive files and data on your PC, GnuGP is also a great tool for securing passwords in automated bash scripts on Linux.

You can do a lot with bash scripts. Bash is a powerful tool that you can use to automate many things on Linux, and learning to write bash scripts is a worthwhile investment.

Leave a Reply

Your email address will not be published. Required fields are marked *