Every Linux user eventually runs a command they’d rather not preserve – a curl with a hardcoded password, an export with an API key, or a one-liner that would confuse any sysadmin who read it three months later. Knowing how to control what ends up in your bash history is as much a security habit as locking down SSH.
You’ve probably been there: you paste a command with a password embedded, hit Enter, and immediately wonder how many places that string just landed. Bash stores every command you type in ~/.bash_history by default, and on most systems, that file is readable by anyone who can access your account. And if you’re sharing a server with other admins, that history file is the first place anyone looks when something breaks.