Generate Passwords in Bash and Shell Scripts
Generating secure, random passwords is a fundamental task for sysadmins. You have several reliable options depending on your use case and environment.
openssl (most portable)
The simplest and most widely available method:
openssl rand -base64 12
This generates a 12-character base64-encoded string. Adjust the number to change length — openssl rand -base64 32 gives you a longer password suitable for critical systems.
The base64 output includes + and / characters, which can cause issues in some contexts. If you need URL-safe base64:
openssl rand -base64 12 | tr '+/' '-_'
/dev/urandom with character filtering
If you need specific character sets without base64 encoding:
tr -dc 'A-Za-z0-9!@#$%^&*' < /dev/urandom | head -c 16; echo
This pulls from /dev/urandom and keeps only alphanumerics plus common special characters. Adjust the character class to suit your requirements. For example, if your password policy forbids special characters:
tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16; echo
The echo at the end adds a newline for readability.
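The /dev/urandom filter above, wrapped as reusable functions that guarantee the exact length, pin tr to the C locale, and redraw until a password policy is met. This is an added example, not code from the original article; the function names, the 256-byte chunk size, the 100-draw limit and the three-class policy are assumptions made for illustration.

```bash
# Added example, not code from the original article.
# gen_password, meets_policy and gen_policy_password are hypothetical names.

# gen_password LENGTH [CHARSET]
# Print exactly LENGTH characters drawn uniformly from CHARSET (an ASCII tr
# set) using /dev/urandom. Returns 2 if LENGTH is not a positive integer.
gen_password() {
    local len="$1" charset="${2:-A-Za-z0-9}" pw=''
    case $len in
        ''|0*|*[!0-9]*)
            echo 'gen_password: LENGTH must be a positive integer' >&2
            return 2 ;;
    esac
    # Finite reads mean no stage dies of SIGPIPE (safe under pipefail).
    # LC_ALL=C makes tr byte-oriented; in a UTF-8 locale some tr builds
    # abort on random input with "Illegal byte sequence".
    while [ "${#pw}" -lt "$len" ]; do
        pw="$pw$(head -c 256 /dev/urandom | LC_ALL=C tr -dc "$charset")"
    done
    printf "%.${len}s\n" "$pw"
}

# meets_policy PASSWORD
# Assumed policy: at least one lowercase letter, one uppercase, one digit.
meets_policy() {
    case $1 in *[[:lower:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:upper:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:digit:]]*) ;; *) return 1 ;; esac
}

# gen_policy_password LENGTH [CHARSET]
# Redraw whole passwords until one passes meets_policy. Redrawing keeps all
# accepted passwords equally likely, unlike forcing a digit into a fixed
# position. Gives up after 100 draws if CHARSET cannot satisfy the policy.
gen_policy_password() {
    local pw tries=0
    while [ "$tries" -lt 100 ]; do
        pw=$(gen_password "$@") || return
        if meets_policy "$pw"; then
            printf '%s\n' "$pw"
            return 0
        fi
        tries=$((tries + 1))
    done
    echo 'gen_policy_password: policy not satisfiable with this CHARSET' >&2
    return 1
}
```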
pwgen for pronounceable passwords
When you need something easier to type or memorize:
pwgen -s 16 1
The -s flag generates completely random, hard-to-memorize passwords. Without it, pwgen creates pronounceable (but weaker) passwords. The final 1 generates a single password instead of multiple options.
Bash built-in random (portable alternative)
On systems without openssl installed, the shell’s $RANDOM variable can help, though it’s weaker:
chars=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
for i in {1..16}; do printf '%s' "${chars:RANDOM%62:1}"; done; echo
This is fine for non-critical use but shouldn’t replace cryptographic methods for important credentials.
Modern password management
Don’t rely on command-line generation alone for important credentials. Use a proper password manager:
pass — the standard Unix password manager, using GPG encryption:
pass generate services/myapp 32
pass show services/myapp
Passwords are stored in ~/.password-store/ as GPG-encrypted files, with optional git integration for syncing across machines.
Bitwarden CLI — for cross-platform teams:
bw generate -ulns --length 32
bw login
bw add item passwordlogin --name "My Service"
1Password CLI — enterprise-friendly:
op item create --category login --title "My Service"
op generate --symbols
Practical workflow
For scripted deployments, combine generation with immediate storage:
PASSWORD=$(openssl rand -base64 32)
echo "$PASSWORD" | pass insert -e services/newapp
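The -e flag tells pass to read the password as a single line with no confirmation prompt, so you can pipe it in directly when running non-interactively. Run interactively, it prompts you to type the password, which keeps it out of shell history.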
For database or application credentials, avoid storing in plaintext. Use your password manager’s API or export capabilities to inject credentials at runtime instead of hardcoding them.
2026 Best Practices and Advanced Techniques
When generating passwords in Bash and shell scripts, understanding both the fundamentals and modern practices helps you work efficiently and avoid common pitfalls. This guide extends the core article with practical advice for 2026 workflows.
Troubleshooting and Debugging
When issues arise, a systematic approach saves time. Start by checking logs for error messages or warnings. Test individual components in isolation before integrating them. Use verbose modes and debug flags to gather more information when standard output is not enough to diagnose the problem.
Performance Optimization
- Monitor system resources to identify bottlenecks
- Use caching strategies to reduce redundant computation
- Keep software updated for security patches and performance improvements
- Profile code before applying optimizations
- Use connection pooling and keep-alive for network operations
Security Considerations
Security should be built into workflows from the start. Use strong authentication methods, encrypt sensitive data in transit, and follow the principle of least privilege for access controls. Regular security audits and penetration testing help maintain system integrity.
Related Tools and Commands
These complementary tools expand your capabilities:
- Monitoring: top, htop, iotop, vmstat for system resources
- Networking: ping, traceroute, ss, tcpdump for connectivity
- Files: find, locate, fd for searching; rsync for syncing
- Logs: journalctl, dmesg, tail -f for real-time monitoring
- Testing: curl for HTTP requests, nc for ports, openssl for crypto
Integration with Modern Workflows
Consider automation and containerization for consistency across environments. Infrastructure as code tools enable reproducible deployments. CI/CD pipelines automate testing and deployment, reducing human error and speeding up delivery cycles.
Quick Reference
This extended guide covers the topic beyond the original article scope. For specialized needs, refer to official documentation or community resources. Practice in test environments before production deployment.
