From d124e402d9509718edc78dadee94828d2aaaebb5 Mon Sep 17 00:00:00 2001
From: isc-dchui <dchui@intersystems.com>
Date: Mon, 11 May 2026 14:30:21 -0400
Subject: [PATCH] Add warning when using -password instead of -password-stdin

---
 CHANGELOG.md                    | 1 +
 src/cls/IPM/Repo/Definition.cls | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a76cc7a15..008a17283 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Security
 - requests Python wheel updated to 2.33.0
+- #1138: Warn when using `-password` instead of `-password-stdin`.
 
 ## [0.10.6] - 2026-02-24
 
diff --git a/src/cls/IPM/Repo/Definition.cls b/src/cls/IPM/Repo/Definition.cls
index b36b3b504..940afde33 100644
--- a/src/cls/IPM/Repo/Definition.cls
+++ b/src/cls/IPM/Repo/Definition.cls
@@ -1,4 +1,4 @@
-Include (%syPrompt, %IPM.Common)
+Include (%syPrompt, %IPM.Common, %IPM.Formatting)
 
 Class %IPM.Repo.Definition Extends (%Persistent, %ZEN.DataModel.Adaptor, %IPM.CLI.Commands, %JSON.Adaptor) [ Abstract ]
 {
@@ -190,6 +190,8 @@ ClassMethod Configure(
             read "Password: ", pwd
             close $io
             set pModifiers("password") = pwd
+        } elseif $data(pModifiers("password")) {
+            write !, $$$FormattedLine($$$Yellow, "WARNING: Using --password via the CLI is insecure. Use --password-stdin.")
         }
 
         $$$ThrowOnError(..OnConfigure(tInstance,pInteractive,.pModifiers,.pData))