Add the --password-file argument to sq sign.

- Add the `--password-file` argument to the `sq sign` command to
    allow the user to prefill the password cache with a password from a
    file.

NEWS

@@ -46,6 +46,9 @@
    - Rename `sq key subkey expire`'s `--subkey` argument to `--key`.
    - `sq key expire` and `sq key subkey expire` can now use the
      cert store and the key store.
+   - Add the `--password-file` argument to the `sq sign` command to
+     allow the user to prefill the password cache with a password from
+     a file.
 * Changes in 0.36.0
  - Missing
 * Changes in 0.35.0

src/cli/sign.rs

@@ -121,6 +121,18 @@ pub struct Command {
         help = "Sign the message using the specified key on the key store",
     )]
     pub signer_key: Vec<KeyHandle>,
+    #[clap(
+        long,
+        value_name = "FILE",
+        help = "File containing password to decrypt key",
+        long_help = "\
+File containing password to decrypt the signing key.  Note that the \
+entire key file will be used as the password, including surrounding \
+whitespace like for example a trailing newline.
+
+If multiple passwords are provided, then they are tried in turn.",
+    )]
+    pub password_file: Vec<PathBuf>,
     #[clap(
         long,
         value_names = &["NAME", "VALUE"],

src/commands/sign.rs

@@ -50,6 +50,14 @@ pub fn dispatch(sq: Sq, command: cli::sign::Command) -> Result<()> {
         load_certs(command.secret_key_file.iter().map(|s| s.as_ref()))?;
     let signer_keys = &command.signer_key[..];
 
+    for file in command.password_file {
+        let password = std::fs::read(&file)
+            .with_context(|| {
+                format!("Reading password from {}", file.display())
+            })?;
+        sq.cache_password(password.into());
+    }
+
     let notations = parse_notations(command.notation)?;
 
     if let Some(merge) = command.merge {