redis-cli saves the AUTH command with the "requirepass" password to the command history file ~/.rediscli_history. It seems to me that it is not very safe to keep that password in a file with -rw-r--r-- global read permissions. Or am I just being paranoid? For example, mongodb has a similar command that authenticates users (db.auth), but it's not stored in the command history file.

Comment From: itamarhaber

Quick workaround to "disable" saving the cli's history:

foo@bar:~$ rm .rediscli_history 
foo@bar:~$ ln -s /dev/null .rediscli_history
foo@bar:~$ redis-cli 
127.0.0.1:6379> ping
PONG
127.0.0.1:6379> exit
foo@bar:~$ ls -al .rediscli_history 
lrwxrwxrwx 1 foo foo 9 Sep 30 00:19 .rediscli_history -> /dev/null

Comment From: anselal

What if we want to keep the history? Can't you make it so that when I type AUTH it asks me for the password and doesn't save it in the history file? Or just exclude any AUTH commands from the history file?

Comment From: itamarhaber

This has been resolved by newer Redis versions - closing.
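
An added example, not part of the thread or of Redis itself: a history file written before upgrading can still contain earlier AUTH lines, so this sketch counts them, checks for the world-readable bit, and scrubs the file while keeping the rest of the history. It assumes one command per line in the file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and scrub a redis-cli history file.
# Assumption: the history file holds one command per line.

# Matches AUTH in any case, with optional leading blanks, as a whole word.
AUTH_RE='^[[:space:]]*auth([[:space:]]|$)'

# Print how many lines of the history file are AUTH commands.
count_auth_lines() {
    grep -ciE "$AUTH_RE" "$1" || true    # grep -c prints 0 but exits 1 on no match
}

# Succeed if the "other" read bit is set on the file (e.g. -rw-r--r--).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Remove AUTH lines in place and leave the file readable by its owner only.
scrub_history() {
    hist=$1
    # Skip missing files and the /dev/null symlink workaround.
    [ -f "$hist" ] || return 0
    # The temp file lives beside the original so mv stays on one filesystem.
    tmp=$(mktemp "${hist}.XXXXXX") || return 1
    chmod 600 "$tmp"
    # grep -v exits 1 when every line was an AUTH line; that is not an error.
    grep -viE "$AUTH_RE" "$hist" > "$tmp" || [ $? -eq 1 ] || {
        rm -f "$tmp"
        return 1
    }
    mv "$tmp" "$hist"
}

# Usage (not run automatically):
#   count_auth_lines "$HOME/.rediscli_history"
#   scrub_history    "$HOME/.rediscli_history"
```

Scrubbing the file does not undo earlier exposure, so a password that sat in a world-readable history file should also be rotated.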