Does asciinema record the passwords I type during recording session?

#1

By default asciinema records only terminal output (stdout) - what you actually see in a terminal window. It doesn’t record key presses (stdin).

Some applications turn off so called “echo mode” when asking for a password, and because the typed in characters are not visible they are not recorded. Other applications display star characters instead of real characters and asciinema records only “******” (a bunch of stars). However, there are applications which don’t have any precautions and the actual password is visible to the user, and so recorded by asciinema. Make sure you know how the application is handling password input before you record and publish the recording.

asciinema 2.0 introduced ability to record key presses with asciinema rec --stdin option. Recorded stdin may be used by a player (e.g. asciinema-player in near future) to display pressed keys. However, it’s basically a key-logging (scoped to a single shell instance), so it’s disabled by default, and has to be explicitly enabled via --stdin option. When this option is enabled then all typed in characters are captured as stdin (“i”) events in the resulting asciicast file. This includes all passwords, even if “echo mode” is turned off. When replaying, these chars are not displayed within player’s terminal window as output, but may be displayed in an overlay (if the player can do it and it’s enabled).

1 Like