From 4ddd1f2668381fa55e3c184c4a6818120edd12aa Mon Sep 17 00:00:00 2001
From: samiam <samnap+github@gmail.com>
Date: Thu, 18 Jan 2018 12:14:19 -0500
Subject: [PATCH] Write password prompts to stderr to avoid co-mingling stdout
 (#3781) (#3782)

---
 builtin/credential/github/cli.go   | 2 +-
 builtin/credential/ldap/cli.go     | 4 ++--
 builtin/credential/okta/cli.go     | 4 ++--
 builtin/credential/token/cli.go    | 2 +-
 builtin/credential/userpass/cli.go | 4 ++--
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/builtin/credential/github/cli.go b/builtin/credential/github/cli.go
index 595f20fcbd80..3a4642aff183 100644
--- a/builtin/credential/github/cli.go
+++ b/builtin/credential/github/cli.go
@@ -30,7 +30,7 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
 		// Override the output
 		stdout := h.testStdout
 		if stdout == nil {
-			stdout = os.Stdout
+			stdout = os.Stderr
 		}
 
 		var err error
diff --git a/builtin/credential/ldap/cli.go b/builtin/credential/ldap/cli.go
index 5ac19a727df7..73648eb74908 100644
--- a/builtin/credential/ldap/cli.go
+++ b/builtin/credential/ldap/cli.go
@@ -26,10 +26,10 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
 	}
 	password, ok := m["password"]
 	if !ok {
-		fmt.Printf("Password (will be hidden): ")
+		fmt.Fprintf(os.Stderr, "Password (will be hidden): ")
 		var err error
 		password, err = pwd.Read(os.Stdin)
-		fmt.Println()
+		fmt.Fprintf(os.Stderr, "\n")
 		if err != nil {
 			return nil, err
 		}
diff --git a/builtin/credential/okta/cli.go b/builtin/credential/okta/cli.go
index 110b184e927c..951398fdb4b7 100644
--- a/builtin/credential/okta/cli.go
+++ b/builtin/credential/okta/cli.go
@@ -25,10 +25,10 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
 	}
 	password, ok := m["password"]
 	if !ok {
-		fmt.Printf("Password (will be hidden): ")
+		fmt.Fprintf(os.Stderr, "Password (will be hidden): ")
 		var err error
 		password, err = pwd.Read(os.Stdin)
-		fmt.Println()
+		fmt.Fprintf(os.Stderr, "\n")
 		if err != nil {
 			return nil, err
 		}
diff --git a/builtin/credential/token/cli.go b/builtin/credential/token/cli.go
index c3595bf34270..c828e5d64b64 100644
--- a/builtin/credential/token/cli.go
+++ b/builtin/credential/token/cli.go
@@ -37,7 +37,7 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
 		// Override the output
 		stdout := h.testStdout
 		if stdout == nil {
-			stdout = os.Stdout
+			stdout = os.Stderr
 		}
 
 		// No arguments given, read the token from user input
diff --git a/builtin/credential/userpass/cli.go b/builtin/credential/userpass/cli.go
index 4984cb4602ae..8531af3ce1af 100644
--- a/builtin/credential/userpass/cli.go
+++ b/builtin/credential/userpass/cli.go
@@ -30,9 +30,9 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
 		return nil, fmt.Errorf("'username' must be specified")
 	}
 	if data.Password == "" {
-		fmt.Printf("Password (will be hidden): ")
+		fmt.Fprintf(os.Stderr, "Password (will be hidden): ")
 		password, err := pwd.Read(os.Stdin)
-		fmt.Println()
+		fmt.Fprintf(os.Stderr, "\n")
 		if err != nil {
 			return nil, err
 		}