From 6d88ea01c9a26042b452089dbf10d70cded364e5 Mon Sep 17 00:00:00 2001
From: Reactor Scram <ReactorScram@users.noreply.github.com>
Date: Wed, 17 Apr 2024 16:12:36 -0500
Subject: [PATCH] fix(linux-client): don't show the token in `--help` (#4654)

Closes #4653

---------

Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
---
 rust/headless-client/src/lib.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rust/headless-client/src/lib.rs b/rust/headless-client/src/lib.rs
index 7e482f41c..963131a65 100644
--- a/rust/headless-client/src/lib.rs
+++ b/rust/headless-client/src/lib.rs
@@ -49,8 +49,8 @@ struct Cli {
 
     // TODO: It isn't good for security to pass the token as a CLI arg.
     // If we pass it as an env var, we should remove it immediately so that
-    // other processes don't see it. Reading it from a file is probably safest.
-    #[arg(env = "FIREZONE_TOKEN")]
+    // child processes don't inherit it. Reading it from a file is probably safest.
+    #[arg(env = "FIREZONE_TOKEN", hide = true)]
     pub token: Option<String>,
 
     /// Identifier used by the portal to identify and display the device.