I would like to write a Bash script or function that is able to remove the entry from the caller's Bash history that corresponds to its own invocation.
Is this possible?
The use case is a wrapper around writing secrets on a team-owned cluster, and I want to add some convenience around making sure all team members don't inadvertently leave the secrets in plain text in the Bash history. At first I was going to require the script use read -rs to prevent the command from containing the secret. Then, realizing that some will inevitably type in the secret name in the command invocation anyway, I wondered if I could support that but delete the invocation Bash history.
Essentially, something like adding history -d $HISTCMD in the script; however, the history item isn't written until after the script completes. So no dice.
Is there a way to tell Bash "do not record this command in history" or otherwise delete it upon completion?
Check out HISTIGNORE
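As an added example (not part of the original thread), the script below pushes constructed command lines through Bash's own history filter with HISTIGNORE and HISTCONTROL=ignorespace set, and prints which ones the history list would keep. The wrapper name `putsecret`, the pattern values and the sample commands are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. `putsecret` is a hypothetical name for the team's wrapper.

# Candidate settings for each team member's ~/.bashrc. They have to be set in
# the interactive shell: a child script cannot change its caller's variables.
TEAM_HISTIGNORE='putsecret *'    # any invocation that carries arguments
TEAM_HISTCONTROL='ignorespace'   # also skip lines typed with a leading space

# recorded_history PATTERNS CONTROL
# Reads command lines on stdin, offers each one to the history list of a clean
# child Bash, and prints the lines that the list retained.
recorded_history() {
  bash --norc --noprofile -c '
    unset HISTTIMEFORMAT
    HISTIGNORE=$1
    HISTCONTROL=$2
    while IFS= read -r line; do
      history -s "$line"   # history -s applies HISTIGNORE and HISTCONTROL
    done
    history | sed "s/^ *[0-9][0-9]*[* ] //"
  ' _ "$1" "$2"
}

# Constructed sample of what a team member might type at the prompt.
sample_commands() {
  cat <<'EOF'
kubectl get pods
putsecret db-password hunter2
putsecret
 export TOKEN=constructed-value
sudo putsecret db-password hunter2
EOF
}

# Run as "script demo" to print the retained lines for the sample above.
if [ "${1:-}" = "demo" ]; then
  sample_commands | recorded_history "$TEAM_HISTIGNORE" "$TEAM_HISTCONTROL"
fi
```

HISTIGNORE patterns are anchored at the start of the line and must match the whole line, so the `sudo`-prefixed invocation is still recorded until a pattern such as `sudo putsecret *` is added to the colon-separated list.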