[EOSIO/eos] logging filters for critical info (#3452)

The three I can think of are:
1) cleos --wallet-port 8899 wallet create
Creating wallet: default
Save password to use in the future to unlock your wallet
Without password imported keys will not be retrievable
«password_shown_here»

2) cleos create key
Private Key: privatekey….
Public Key: EOS5…

3) I’ve seen somewhere, not sure where, "Private Key: Password Start ******** Password_End". I could be confused, but to me that’s also giving info regarding what grep to search for.

NOTE: until the console history is cleansed by history -c, the passwords will be in the console of the instance. If these were generated, they would be available in the instance logs, which could be argued to be a security threat.

How to solve it? Maybe playing with the log level in the code: if the log level is debug, show as it is, otherwise hide as much as possible? Forcing production systems to simply not run in debug mode, plus warning users in the logs that log level is important? Maybe forcing users to clear history after a private key or password is displayed for a few seconds, followed by a clearing of history plus forcing a delete of the last few log lines in the cleos.log?
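
The log-level idea raised above, sketched as an added example that is not part of the original issue and is not EOSIO code: a stateful line filter that passes everything through at debug level and otherwise masks the value after "Private Key:" and the line printed after the wallet password prompt. The names `SecretFilter`, `filter_all` and `LogLevel` are hypothetical, and the sample output is constructed from the lines quoted in the issue.

```cpp
#include <iostream>
#include <regex>
#include <sstream>
#include <string>

enum class LogLevel { Debug, Info };  // hypothetical levels for this sketch

class SecretFilter {
public:
    explicit SecretFilter(LogLevel level) : level_(level) {}

    // Returns the line as it should be written to the log.
    std::string filter(const std::string& line) {
        if (level_ == LogLevel::Debug) return line;   // debug: show as it is
        if (mask_next_) {                             // line right after the wallet prompt
            mask_next_ = false;
            return "[REDACTED]";
        }
        // The wallet password is printed on the line following this prompt.
        if (line.find("Without password imported keys will not be retrievable")
                != std::string::npos)
            mask_next_ = true;
        // "Private Key: <value>": keep the label, drop the value.
        static const std::regex priv(R"((Private Key:\s*)\S.*)");
        return std::regex_replace(line, priv, "$1[REDACTED]");
    }

private:
    LogLevel level_;
    bool mask_next_ = false;
};

// Runs a whole captured output through one filter instance.
std::string filter_all(const std::string& text, LogLevel level) {
    SecretFilter f(level);
    std::istringstream in(text);
    std::ostringstream out;
    for (std::string line; std::getline(in, line);) out << f.filter(line) << '\n';
    return out.str();
}

// Constructed sample, modelled on the output quoted in the issue.
const std::string kSample =
    "Creating wallet: default\n"
    "Without password imported keys will not be retrievable\n"
    "\"constructed-wallet-password\"\n"
    "Private Key: constructed-private-key\n"
    "Public Key: EOS5constructed\n";

int main() { std::cout << filter_all(kSample, LogLevel::Info); }
```

A filter like this only covers what is written to a log file; shell history and terminal scrollback need separate handling.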

Last edited: May 30, 2018, 10:16 pm
