22 June 2021
I often need to generate quick, ephemeral secrets or passwords for things I'm working on locally. Instead of using something like "password123" every time, I've put together an alias command which outputs a reliably complex string.
As long as I manage it well, I could confidently continue to use that password when the work makes its way out into the real world, without worrying that it might be easily cracked.
The core of the one-liner makes use of the python 3 secrets module. Right now, the secrets.token_urlsafe() function is the widely accepted best way of generating secure tokens or random strings in python.
import secrets secrets.token_urlsafe(32) eGrKX8vNcuXe94BP--IJ8guSVZcLnrkzhocxWqcocuw
I could open a python REPL and re-type those lines every time I need a new password, but ideally, I want to be able to run this code without thinking about what's going on under the hood.
To do that, I need to be able to run that python snippet from the CLI, and rename it with a friendly, memorable alias.
First, a python string can be executed from the cli by adding the -c flag (for command), eg:
python3 -c "import secrets; print(secrets.token_urlsafe(32))"
That whole line can be aliased with a memorable name like generate-password as follows:
alias generate-password='python3 -c "import secrets; print(secrets.token_urlsafe(32))"'
By adding that line to my config in ~/.zshrc, the alias will be remembered every time a new session begins. I can now tap out a couple of characters, hit tab to autocomplete, and generate a reasonably strong password for whatever I'm working on!