key: Add --new-password-file flag for non-interactive password changes

[mholt]

What is the purpose of this change? What does it change?

Makes it possible to change the password non-interactively.

I was unsuccessful trying to do it in a script by piping into stdin; restic expects 1000 bytes and the error check is wrong so it always returns an error even on early EOF; but even when corrected, I can only seem to pass one input, not two. Anyway, the whole thing doesn't matter if there's a nifty flag. 😄

Was the change discussed in an issue or in the forum before?

Closes #827

Also see https://forum.restic.net/t/changing-repo-password-without-prompt/591?u=matt

/cc @robbat2 and @HLeithner

Checklist

• I have read the Contribution Guidelines
• I have added tests for all changes in this PR
• I have added documentation for the changes (in the manual)
• There's a new file in changelog/unreleased/ that describes the changes for our users (template here)
• I have run gofmt on the code in all commits
• All commit messages are formatted in the same style as the other commits in the repo
• I'm done, this Pull Request is ready for review

(There don't seem to be tests for the commands, and this is automatically documented by restic key -h, so I'm marking this as done, I guess?)

[codecov-io]

Codecov Report

Merging #1720 into master will decrease coverage by 5.07%.
The diff coverage is 22.22%.

@@            Coverage Diff             @@
##           master    #1720      +/-   ##
==========================================
- Coverage   52.13%   47.06%   -5.08%     
==========================================
  Files         148      148              
  Lines       11718    11721       +3     
==========================================
- Hits         6109     5516     -593     
- Misses       4657     5309     +652     
+ Partials      952      896      -56

Impacted Files	Coverage Δ
cmd/restic/cmd_key.go	55.45% <22.22%> (-2.97%)	⬇️
internal/backend/azure/azure.go	0% <0%> (-82.15%)	⬇️
internal/backend/swift/swift.go	0% <0%> (-78.45%)	⬇️
internal/backend/b2/b2.go	0% <0%> (-77.73%)	⬇️
internal/backend/gs/gs.go	0% <0%> (-73.61%)	⬇️
internal/backend/swift/config.go	36.95% <0%> (-54.35%)	⬇️
internal/backend/rclone/backend.go	70.32% <0%> (-1.94%)	⬇️
internal/backend/test/tests.go	59.95% <0%> (-0.66%)	⬇️
internal/restic/restorer.go	55.84% <0%> (+4.03%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b5b246e...1a26355. Read the comment docs.

[fd0]

Hey, thanks for taking a stab at implementing this! Unfortunately, you implemented something slightly different: We try hard to not take a password as a command-line parameter (because all other users of the same system are allowed to read the command-line, so they could get the password), but to read it from a file.

Would you mind changing --new-password to --new-password-file according to the proposal in the issue, and read the password from the file?

This can then also be used with third-party programs, like restic passwd --new-password-file <(pass restic/backup/foo).

Thanks!

[mholt]

Sure, makes sense. I've made the change!

[fd0]

Looks good, I've taken the liberty of squashing the commits, and I'll merge this after the tests ran. Thank you for your contribution!

[mholt]

Thank you!! 🕺