Prevent the secret/password from being stored on disk in your Bash history

I am reading Terraform Up & Running second edition nowadays. When I was reading storing secret part, I found a nice feature of shell.

Put a space before the export command to prevent the secret from being stored on disk in your Bash history.

Here is the related part from the book.

For the db_password input variable, here is how you can set the TF_VAR_db_password environment variable on Linux/Unix/OS X systems:

$  export TF_VAR_db_password="(YOUR_DB_PASSWORD)"
$ terraform apply
(...)

Note that there is intentionally a space before the export command to prevent the secret from being stored on disk in your Bash history.

In most Linux/Unix/OS X shells, every command you type is stored in some sort of history file (e.g., ~/.bash_history). If you start your command with a space, most shells will skip writing that command to the history file.

Note that you might need to set the HISTCONTROL environment variable to “ignoreboth” to enable this if your shell doesn’t enable it by default.