mask password

build.sh

@@ -21,6 +21,7 @@ usage() {
 
 username="janitor"
 password="$(pwgen -ns 16 1)"
+password_mask="false"
 hostname="machine"
 domain="example.org"
 iso_url="https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.2.0-amd64-netinst.iso"
@@ -31,7 +32,7 @@ apt_pkgs=()
 while getopts u:p:n:d:a:i:s:o:vh opt; do
     case $opt in
     u) username="$OPTARG" ;;
-    p) password="$OPTARG" ;;
+    p) password="$OPTARG" ; password_mask="true" ;;
     n) hostname="$OPTARG" ;;
     d) domain="$OPTARG" ;;
     a) apt_pkgs+=("$OPTARG") ;;
@@ -82,10 +83,15 @@ sed -i "s#auto=true#auto=true file=/cdrom/preseed.cfg#" "${workdir}/adtxt.cfg"
 cp -a configs/*   "${workdir}"
 cp -a installer/* "${workdir}"
 
-# replace tokens
-find "${workdir}" -type f -exec sed -i "s#@USERNAME@#${username}#" {} \;
+# generate password hash
 salt="$(pwgen -ns 16 1)"
 hash="$(mkpasswd -m sha-512 -S "${salt}" "${password}")"
+if test "${password_mask}" == "true"; then
+    password="$(echo "${password}" | tr '[:print:]' 'x')"
+fi
+
+# replace tokens
+find "${workdir}" -type f -exec sed -i "s#@USERNAME@#${username}#" {} \;
 sed -i "s#@PASSHASH@#${hash}#"        "${workdir}/preseed.cfg"
 sed -i "s#@HOSTNAME@#${hostname}#"    "${workdir}/preseed.cfg"
 sed -i "s#@DOMAIN@#${domain}#"        "${workdir}/preseed.cfg"