Stop your shell history from leaking sensitive credentials
Environment & Shell Customization (Aliases/Functions/.Bashrc)
Stop your shell history from leaking sensitive credentials
🧩 The Challenge
You finally realize that one time you exported your database password in plain text, it’s now sitting comfortably in your .bash_history file for any local user or log scraper to find. It’s annoying how many times I’ve had to scrub history files because of a late-night `export MYSQL_PWD=…` mistake.
💡 The Fix
Tell your shell to ignore commands that start with a space or include specific keywords by setting the right environment variables. It’s the easiest way to prevent those embarrassing credentials from ever being written to disk in the first place.
export HISTCONTROL=ignorespace:ignoredups:erasedups
export HISTIGNORE='export *:*password*:*passwd*:*key*'
⚙️ Why It Works
Adding a space before a command tells the shell to skip adding it to history, and that HISTIGNORE pattern basically creates a blacklist for common mistakes. The shell evaluates this list before deciding whether to log the line, so those credentials die right there in memory.
🚀 Pro-Tip: Set HISTSIZE to something reasonable like 10000 so your history file doesn’t turn into a multi-megabyte searchable mess.
Linux Tips & Tricks | © ngelinux.com | 7/17/2026
