[cli] Fix interactive secrets code

paolino · paolino · commit b26ca71829cb · 2025-08-25T10:18:01.000+01:00
diff --git a/cli/README.md b/cli/README.md
@@ -106,10 +106,10 @@ A more secure way is to let the CLI prompt you for the passphrase when needed.
 antij wallet create --ask-passphrase
 ```
 
-If you set the `ANTI_INTERACTIVE_PASSWORD` environment variable to any value, the CLI will prompt you for the passphrase every time it needs it.
+If you set the `ANTI_INTERACTIVE_SECRETS` environment variable to any value, the CLI will prompt you for the passphrase every time it needs it.
 
 ```bash
-export ANTI_INTERACTIVE_PASSWORD=1
+export ANTI_INTERACTIVE_SECRETS=1
 ```
 
 You can review this wallet info anytime with
diff --git a/cli/docs/requester-role.md b/cli/docs/requester-role.md
@@ -116,13 +116,13 @@ Before proceding be careful to set the necessary signing assets in your environm
 As with the wallet passphrase you can set the password in the environment variable
 
 ```bash
-read -s -p "Enter password to decrypt the SSH private key: " ANTI_INTERACTIVE_PASSWORD
-export ANTI_INTERACTIVE_PASSWORD
+read -s -p "Enter password to decrypt the SSH private key: " ANTI_INTERACTIVE_SECRETS
+export ANTI_INTERACTIVE_SECRETS
 ```
 
 Or better paste it from a password manager each time you need it using the 'ask-password' option
 
-Or set the `ANTI_INTERACTIVE_PASSWORD` environment variable to any value.
+Or set the `ANTI_INTERACTIVE_SECRETS` environment variable to any value.
 
 > The file at ANTI_SSH_FILE path has to be the encrypted ssh private key matching the user registration [see above](#registering-a-user-public-key).
 
diff --git a/cli/src/Core/Types/Mnemonics/Options.hs b/cli/src/Core/Types/Mnemonics/Options.hs
@@ -32,6 +32,7 @@ import OptEnvConf
     , setting
     , short
     , str
+    , switch
     , withConfig
     )
 import System.Console.Haskeline
@@ -57,13 +58,18 @@ walletPassphraseCommon =
     mapIO id
         $ setting
             [ help "Prompt for the passphrase for the encrypted mnemonics"
-            , env "ANTI_INTERACTIVE_PASSWORD"
+            , env "ANTI_INTERACTIVE_SECRETS"
             , metavar "NONE"
-            , long "ask-passphrase"
-            , option
             , reader
                 $ str @String $> queryConsole "Enter passphrase for encrypted mnemonics"
             ]
+        <|> setting
+            [ help "Prompt for the passphrase for the encrypted mnemonics"
+            , metavar "NONE"
+            , long "ask-wallet-passphrase"
+            , switch
+                $ queryConsole "Enter passphrase for encrypted mnemonics"
+            ]
         <|> setting
             [ env "ANTI_WALLET_PASSPHRASE"
             , metavar "PASSPHRASE"
diff --git a/cli/src/Options.hs b/cli/src/Options.hs
@@ -47,6 +47,7 @@ import OptEnvConf
     , runParser
     , setting
     , str
+    , switch
     , (<|>)
     )
 import Oracle.Options (oracleCommandParser)
@@ -64,15 +65,22 @@ githubAuthOption =
         $ mapIO id
         $ setting
             [ help "Prompt for the passphrase for the encrypted mnemonics"
-            , env "ANTI_INTERACTIVE_PASSWORD"
+            , env "ANTI_INTERACTIVE_SECRETS"
             , metavar "NONE"
-            , long "ask-passphrase"
-            , option
             , reader
-                $ str @String
+                ( str @String
                     $> ( T.encodeUtf8
-                            <$> queryConsole "Enter your GitHub personal access token: "
+                            <$> queryConsole "Enter your GitHub personal access token"
                        )
+                )
+            ]
+        <|> setting
+            [ help "Prompt for the passphrase for the encrypted mnemonics"
+            , metavar "NONE"
+            , long "ask-github-pat"
+            , switch
+                $ T.encodeUtf8
+                    <$> queryConsole "Enter your GitHub personal access token"
             ]
         <|> setting
             [ env "ANTI_GITHUB_PAT"
diff --git a/cli/src/User/Requester/Options.hs b/cli/src/User/Requester/Options.hs
@@ -34,10 +34,10 @@ import OptEnvConf
     , long
     , mapIO
     , metavar
-    , option
     , reader
     , setting
     , str
+    , switch
     , (<|>)
     )
 import Oracle.Validate.Requests.RegisterRole
@@ -160,16 +160,22 @@ keyPasswordOption =
     mapIO id
         $ setting
             [ help "Prompt for the password to decrypt the SSH private key"
-            , env "ANTI_INTERACTIVE_PASSWORD"
+            , env "ANTI_INTERACTIVE_SECRETS"
             , metavar "NONE"
-            , long "ask-password"
-            , option
             , reader
                 $ str @String
                     $> ( T.unpack
                             <$> queryConsole "Enter password for SSH private key"
                        )
             ]
+        <|> setting
+            [ help "Prompt for the password to decrypt the SSH private key"
+            , metavar "NONE"
+            , long "ask-ssh-password"
+            , switch
+                $ T.unpack
+                    <$> queryConsole "Enter password for SSH private key"
+            ]
         <|> setting
             [ env "ANTI_SSH_PASSWORD"
             , help "Password to the decrypt the SSH private key"
