Bash – Safest Way to Store Environment Variable in a File

bashscripting

I am using bash and most interested in an answer for bash, but you can answer about how to do it in other shells if you want.

I have an environment variable, KEY, and I want to store the value of that environment variable in a a file. Currently I am doing

echo "${KEY}" > ./key.pem

In practice this seems to be OK, but in theory this breaks when KEY=-n.

$ export KEY=-n
$ echo BEGIN "${KEY}" END
BEGIN -n END
$ echo "${KEY}" END
END$

So, is there a better way to store the value of a single environment variable in a file? (Note that export and declare will include the name of the variable in their outputs, which is no good for me.)

Best Answer

If it's storing for the sake of reading it in later (in a bash script), just use declare -p KEY and then source the file to read it in again. If you just want to store the value, use printf '%s\n' "$KEY" as you would do when you output any variable data.

So,

printf '%s\n' "$KEY" >key.pem

printf 'BEGIN %s END\n' "$KEY" >key.pem

or whatever you need to output.

Your issue occurs since -n is a valid option to echo in bash. The strings -e and -E (and combinations like -neEne) would also cause issues in bash, for the same reason. Depending on how bash is built or the environment or options, backslash characters in arguments may also be a problem.

These issues and more are outlined in the following Q/A:

Why is printf better than echo?

In lots of places, depending

On virtual terminals and real terminals, the TERM environment variable is set by the program that chains to login, and is inherited all of the way along to the interactive shell that executes once one has logged on. Where, precisely, this happens varies from system to system, and according to the kind of terminal.

real terminals

Real, serial, terminals can vary in type, according to what's at the other end of the wire. So conventionally the getty program is invoked with an argument that specifies the terminal type, or is passed the TERM program from a service manager's service configuration data.

On van Smoorenburg init systems, one can see this in /etc/inittab entries, which will read something along the lines of
```
S0:3:respawn:/sbin/agetty ttyS0 9600 vt100-nav
```
The last argument to agetty in that line, vt100-nav, is the terminal type set for /dev/ttyS0. So /etc/inittab is where to change the terminal type for real terminals on such systems.
On systemd systems, one used to be able to see this in the /usr/lib/systemd/system/serial-getty@.service unit file (/lib/systemd/system/serial-getty@.service on un-merged systems), which used to read
```
Environment=TERM=vt100
```
setting the TERM variable in the environment passed to agetty.
On the BSDs, init takes the terminal type from the third field of each terminal's entry in the /etc/ttys database, and sets TERM from that in the environment that it executes getty with. So /etc/ttys is where one changes the terminal type for real terminals on the BSDs.

systemd's variability

The serial-getty@.service service unit file, or drop-in files that apply thereto, is where to change the terminal type for real terminals on systemd systems. Note that such a change applies to all terminal login services that employ this service unit template. (To change it for only individual terminals, one has to manually instantiate the template, or add drop-ins that only apply to instantiations.)

systemd has had at least four mechanisms during its lifetime for picking up the value of the TERM environment variable. At the time of first writing this answer, as can be seen, there was an Environment=TERM=something line in the template service unit files. At other times, the types linux and vt102 were hard-wired into the getty and serial-getty service unit files respectively. More recently, the environment variable has been inherited from process #1, which has set it in various ways.

As of 2020, the way that systemd decides what terminal type to specify in a service's TERM environment variable is quite complex, and not documented at all. The way to change it remains a drop-in configuration file with Environment=TERM=something. But where the default value originates from is quite variable. Subject to some fairly complex to explain rules that involve the TTYPath= settings of individual service units, it can be one of three values: a hardwired linux, a hardwired vt220 (no longer vt102), or the value of the TERM environment variable that process #1 inherited, usually from the kernel/bootstrap loader.

(Ironically, the getttyent() mechanism still exists in the GNU C library, and systemd could have re-used the /etc/ttys mechanism.)

kernel virtual terminals

Kernel virtual terminals, as you have noted, have a fixed type. Unlike NetBSD, which can vary the kernel virtual terminal type on the fly, Linux and the other BSDs have a single fixed terminal type implemented in the kernel's built-in terminal emulation program. On Linux, that type matches linux from the terminfo database. (FreeBSD's kernel terminal emulation since version 9 has been teken. Prior to version 9 it was cons25 OpenBSD's is pccon.)

On systems using mingetty or vc-get-tty (from the nosh package) the program "knows" that it can only be talking to a virtual terminal, and they hardwire the "known" virtual terminal types appropriate to the operating system that the program was compiled for.
On systemd systems, one used to be able to see this in the /usr/lib/systemd/system/getty@.service unit file (/lib/systemd/system/getty@.service on un-merged systems), which read
```
Environment=TERM=linux
```
setting the TERM variable in the environment passed to agetty.

For kernel virtual terminals, one does not change the terminal type. The terminal emulator program in the kernel doesn't change, after all. It is incorrect to change the type. In particular, this will screw up cursor/editing key CSI sequence recognition. The linux CSI sequences sent by the Linux kernel terminal emulator are different to the xterm or vt100 CSI sequences sent by GUI terminal emulator programs in DEC VT mode. (In fact, they are highly idiosyncratic and non-standard, and different both to all real terminals that I know of, and to pretty much all other software terminal emulators apart from the one built into Linux.)

GUI terminal emulators

Your GUI terminal emulator is one of many programs, from the SSH dæmon to screen, that uses pseudo-terminals. What the terminal type is depends from what terminal emulator program is running on the master side of the pseudo-terminal, and how it is configured. Most GUI terminal emulators will start the program on the slave side with a TERM variable whose value matches their terminal emulation on the master side. Programs like the SSH server will attempt to "pass through" the terminal type that is on the client end of the connection. Usually there is some menu or configuration option to choose amongst terminal emulations.

The gripping hand

The right way to detect colour capability is not to hardwire a list of terminal types in your script. There are an awful lot of terminal types that support colour.

The right way is to look at what termcap/terminfo says about your terminal type.

colour=0
if tput Co > /dev/null 2>&1
then
    test "`tput Co`" -gt 2 && colour=1
elif tput colors > /dev/null 2>&1
then
    test "`tput colors`" -gt 2 && colour=1
fi

Best Answer

Related Solutions

Bash autocompletion for an environment variable holding a directory name

Bash Terminal – Where Does the TERM Environment Variable Default Get Set?