starred/terminal
1
0
Fork 0
mirror of https://github.com/microsoft/terminal.git synced 2026-02-03 21:25:34 +00:00
Code Issues 19.0k Packages Projects Releases 20 Wiki Activity

Hide/obfuscate sensitive data like passwords copied from clipboard #18684

New Issue
Open
opened 2026-01-31 06:21:17 +00:00 by claunia · 3 comments
claunia commented 2026-01-31 06:21:17 +00:00
Owner
Copy Link

Originally created by @daafonsecato on GitHub (Oct 14, 2022).

Description of the new feature/enhancement

When we use a password manager we always use the clipboard to paste passwords in the terminal when doing ssh (password authentication) or running commands as a Privileged User but if we paste the password multiple times the password would be visible

Proposed technical implementation details (optional)

Create a feature to enable users to input a regex pattern so that when text is copied from the clipboard the Windows Terminal replaces that sensitive information with non-word characters (*/#, or even not show anything at all) after paste.

A different way would be an integration with password managers to input data without using the clipboard.

Originally created by @daafonsecato on GitHub (Oct 14, 2022). <!-- 🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨 I ACKNOWLEDGE THE FOLLOWING BEFORE PROCEEDING: 1. If I delete this entire template and go my own path, the core team may close my issue without further explanation or engagement. 2. If I list multiple bugs/concerns in this one issue, the core team may close my issue without further explanation or engagement. 3. If I write an issue that has many duplicates, the core team may close my issue without further explanation or engagement (and without necessarily spending time to find the exact duplicate ID number). 4. If I leave the title incomplete when filing the issue, the core team may close my issue without further explanation or engagement. 5. If I file something completely blank in the body, the core team may close my issue without further explanation or engagement. All good? Then proceed! --> # Description of the new feature/enhancement <!-- A clear and concise description of what the problem is that the new feature would solve. Describe why and how a user would use this new functionality (if applicable). --> When we use a password manager we always use the clipboard to paste passwords in the terminal when doing ssh (password authentication) or running commands as a Privileged User but if we paste the password multiple times the password would be visible # Proposed technical implementation details (optional) <!-- A clear and concise description of what you want to happen. --> Create a feature to enable users to input a regex pattern so that when text is copied from the clipboard the Windows Terminal replaces that sensitive information with non-word characters (*/#, or even not show anything at all) after paste. A different way would be an integration with password managers to input data without using the clipboard.
claunia added the Issue-FeatureProduct-TerminalArea-Extensibility labels 2026-01-31 06:21:18 +00:00
claunia commented 2026-01-31 06:21:18 +00:00
Author
Owner
Copy Link

@carlos-zamora commented on GitHub (Oct 18, 2022):

Hmm... ok, so I guess this would work kinda like this...

  1. in a setting, define a regex (or multiple) for suppressed text
  2. on a paste operation, if the regex matches, flag the operation
  3. when the shell tries to output the matching text, suppress it

A few concerns that come to mind:

  • what if somebody uses this maliciously and tries to suppress all text?
  • how to handle when the pasted text accidentally matches the regex? Should we always display a little temporary pop-up saying "password suppressed" to make it clear that that happened? Maybe add a "paste anyways" button to that?

Honestly, I see this more as a possible extension that would require access to (1) pasted text and (2) output text. I'm going to mark it up as that.

@carlos-zamora commented on GitHub (Oct 18, 2022): Hmm... ok, so I guess this would work kinda like this... 1. in a setting, define a regex (or multiple) for suppressed text 2. on a paste operation, if the regex matches, flag the operation 3. when the shell tries to output the matching text, suppress it A few concerns that come to mind: - what if somebody uses this maliciously and tries to suppress all text? - how to handle when the pasted text accidentally matches the regex? Should we always display a little temporary pop-up saying "password suppressed" to make it clear that that happened? Maybe add a "paste anyways" button to that? Honestly, I see this more as a possible extension that would require access to (1) pasted text and (2) output text. I'm going to mark it up as that.
claunia commented 2026-01-31 06:21:19 +00:00
Author
Owner
Copy Link

@david8128 commented on GitHub (Oct 21, 2022):

For example, when I use VSCode with ssh this is the result in the output as *******
image
This would also be nice, or if you think it should be completely suppressed, it would be fine.

I like the idea of the pop-up, it can confirm that you are pasting one pattern and is actually the password that is intended to be suppressed, and also the option to say, no, it's not a password would be wonderful,

@david8128 commented on GitHub (Oct 21, 2022): For example, when I use VSCode with ssh this is the result in the output as ******* ![image](https://user-images.githubusercontent.com/26266985/197210860-075b6d18-865f-4b8f-a918-57b57bc2aeb3.png) This would also be nice, or if you think it should be completely suppressed, it would be fine. I like the idea of the pop-up, it can confirm that you are pasting one pattern and is actually the password that is intended to be suppressed, and also the option to say, no, it's not a password would be wonderful,
claunia commented 2026-01-31 06:21:19 +00:00
Author
Owner
Copy Link

@KalleOlaviNiemitalo commented on GitHub (Oct 27, 2022):

In addition to regex patterns, this could detect if the clipboard text has been marked as sensitive via the ExcludeClipboardContentFromMonitorProcessing, CanIncludeInClipboardHistory, or CanUploadToCloudClipboard clipboard format as documented in Cloud Clipboard and Clipboard History Formats. Those clipboard formats don't seem to be intended for local obscuring like this, but recognizing them would be more likely to work than defining a separate clipboard format for Windows Terminal and expecting applications to set that.

@KalleOlaviNiemitalo commented on GitHub (Oct 27, 2022): In addition to regex patterns, this could detect if the clipboard text has been marked as sensitive via the `ExcludeClipboardContentFromMonitorProcessing`, `CanIncludeInClipboardHistory`, or `CanUploadToCloudClipboard` clipboard format as documented in [Cloud Clipboard and Clipboard History Formats](https://learn.microsoft.com/en-us/windows/win32/dataxchg/clipboard-formats#cloud-clipboard-and-clipboard-history-formats). Those clipboard formats don't seem to be intended for local obscuring like this, but recognizing them would be more likely to work than defining a separate clipboard format for Windows Terminal and expecting applications to set that.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Reserved
A11yCO
A11yMAS
A11ySev1
A11ySev2
A11ySev3
A11yTTValidated
A11yUsable
A11yVoiceAccess
A11yWCAG
Area-Accessibility
Area-AtlasEngine
Area-AzureShell
Area-Build
Area-Build
Area-Chat
Area-CmdPal
Area-CodeHealth
Area-Commandline
Area-CookedRead
Area-DefApp
Area-Extensibility
Area-Fonts
Area-GroupPolicy
Area-i18n
Area-Input
Area-Interaction
Area-Interop
Area-Localization
Area-Output
Area-Performance
Area-Portable
Area-Quality
Area-Remoting
Area-Rendering
Area-Schema
Area-Server
Area-Settings
Area-SettingsUI
Area-ShellExtension
Area-ShellExtension
Area-ShellExtension
Area-Suggestions
Area-Suggestions
Area-TerminalConnection
Area-TerminalControl
Area-Theming
Area-UserInterface
Area-VT
Area-Windowing
Area-WPFControl
AutoMerge
Blocking-Ingestion
Culprit-Centennial
Culprit-WinUI
Disability-All
Disability-Blind
Disability-LowVision
Disability-Mobility
External-Blocked-WinUI3
Fixed
Gathering-Data
good first issue
HCL-E+D
HCL-WindowsTerminal
Help Wanted
Impact-Compatibility
Impact-Compliance
Impact-Correctness
Impact-Visual
In-PR
InclusionBacklog
InclusionBacklog-Windows TerminalWin32
InclusionCommitted-202206
Issue-Bug
Issue-Docs
Issue-Feature
Issue-Feature
Issue-Question
Issue-Samples
Issue-Scenario
Issue-Task
Needs-Attention
Needs-Author-Feedback
Needs-Bisect
Needs-Discussion
Needs-Repro
Needs-Tag-Fix
Needs-Tag-Fix
Needs-Triage
No-Recent-Activity
Priority-0
Priority-1
Priority-2
Priority-3
Product-Cmd.exe
Product-Colortool
Product-Colortool
Product-Colortool
Product-Conhost
Product-Conpty
Product-Meta
Product-Powershell
Product-Terminal
Product-WSL
pull-request
Mirrored from GitHub Pull Request
 Resolution-Answered
Resolution-By-Design
Resolution-Duplicate
Resolution-External
Resolution-Fix-Available
Resolution-Fix-Committed
Resolution-No-Repro
Resolution-Won't-Fix
Severity-Blocking
Severity-Crash
Severity-DataLoss
spam
this-will-be-a-breaking-change
Tracking-External
WindowsTerminal_Win32
Work-Item
zAskModeBug
zInbox-Bug
No Label Area-Extensibility Issue-Feature Product-Terminal
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claunia
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/terminal#18684
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?