How to prevent a password or other sensitive information from being stored in the bash history when using grep?

If you put HISTCONTROL=ignorespace in your .bashrc, and you put a space before the command name, it will not be added to your history.

$ export HISTCONTROL=ignorespace
$ grep "passwd" secret_password_file.txt   # added to history
$  grep "passwd" secret_password_file.txt  # not added to history

Just for completeness, I answer the question in the body: how to get grep to read patterns from stdin:

You can use the -f option:

grep -f- /path/to/file

That will read any number of patterns from stdin, one per line. (- means stdin; you could also specify a file with patterns, one per line.) grep will match lines in /path/to/file which match any of the specified patterns.


This is the best I could come up with:

grep $(read -p "Pattern: "; echo $REPLY) .*

Is this safe enough? Is there anyway to recover the pattern other than scrolling the terminal? Is there a nicer way?