Bash: How to use a secret file for a script?

Question

I've created a really long script which fully automates installation and configuration of a web server in my company. During the script runtime it accesses some remote server using scp and ssh in order to download configuration files and I'd like to be able to have a secret file which holds the password (it's always the same password) and that the script will use this file without the need that i'll insert it manually. some lines from the script look like this:

/usr/bin/scp root@192.168.1.10:/etc/mail/sendmail.cf /etc/mail/
/usr/bin/scp -r root@192.168.1.10:/etc/yum.repos.d /etc/

/usr/bin/ssh root@192.168.1.10 'rpm -qa --queryformat "%{NAME}\n" >/tmp/sw.lst'
/usr/bin/scp root@192.168.1.10:/tmp/sw.lst /tmp/
/usr/bin/xargs yum -y install < /tmp/sw.lst

I know about the method of #ssh-keygen and #ssh-copy-id but the problem is that the script will run every time on a different machine and I don't want to exchange the keys before each run.

Answer 1

When i had to do something like that, i used expect and a wrapper script that would fetch a password from a file. I.e. in my password file i'd have something like

root@192.168.1.10 ThisIsMyPass
user@localhost thisIsMyOtherPass

and then have the wrapper script get (it could be simple as grep "root@192.168.1.10" ~/.passwords | cut -d ' ' -f2)

Im guessing there are more appropriate methods, but with this one you only need to keep your wrapper and password file protected and you can make your setup script public.