[pass] prevent generating over existing

Jason A. Donenfeld Jason at zx2c4.com
Wed Dec 19 04:51:01 CET 2012

On Wed, Dec 19, 2012 at 4:46 AM, Roman Shtylman <shtylman at gmail.com> wrote:
> Is there a way to prevent pass from generating passwords over an existing password? I find that when I have added several lines to a password file (to save additional info) and I run the generate command, those lines are lost. This would be quite bad if the information on those lines was important.

So at the moment, pass generate won't overwrite existing files unless
you pass it the -f flag or say yes explicitly:

zx2c4 at Thinkpad ~ $ pass generate blah/blah 20
mkdir: created directory ‘/home/zx2c4/.password-store/blah’
[master 48f3471] Added generated password for blah/blah to store.
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 blah/blah.gpg
The generated password to blah/blah is:
zx2c4 at Thinkpad ~ $ pass generate blah/blah 20
An entry already exists for blah/blah. Overwrite it? [y/N]

> Maybe pass could detect that I have an existing pass file and only change the first line? (this would mean unlocking the file first obviously). Simplest case, it should refuse to generate over existing files without unlocking. Otherwise someone could just run the pass command and overwrite all my passwords.

The first line thing is tempting, but it might be a bit overkill with
complexity. There ought to be an easier way of generating / editing
things though at once. I suppose what you could do is just use

$ pass edit blah/blah

Which will open things in VIM and handle secure encryption/decryption
in RAM. And then just use pwgen to generate the password manually. Not
perfect, but it works.
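
The "only change the first line" idea from this thread, as an added example; it is not part of the original message and not code from pass itself. The function names are hypothetical, tr over /dev/urandom stands in for pwgen, and rotate_entry assumes the `pass show` and `pass insert -m -f` subcommands of a current pass release.

```shell
#!/bin/sh
# Added example: rotate only line 1 of a multi-line pass entry, keeping the
# extra lines (username, URL, notes) intact. Function names are hypothetical.

# gen_password [LENGTH]: print LENGTH random characters from [A-Za-z0-9].
# tr -dc discards every other byte, so the alphabet is sampled without bias.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-20}"
    echo
}

# replace_first_line NEWPASS
# stdin: decrypted entry; stdout: the same entry with line 1 replaced.
replace_first_line() {
    # An empty or multi-line value would delete the password or push the
    # saved metadata lines down, so refuse both.
    [ -n "$1" ] || { echo "empty password refused" >&2; return 1; }
    case $1 in
        *"
"*) echo "password must be a single line" >&2; return 1 ;;
    esac
    # printf '%s', not sed: characters such as & / \ in a password would be
    # reinterpreted inside a sed replacement string.
    printf '%s\n' "$1"
    # Copy everything after the old first line unchanged.
    tail -n +2
}

# rotate_entry NAME [LENGTH]
# Decrypts first, so the rewrite only happens if the GPG key can be unlocked;
# a missing entry or failed decryption aborts before anything is written.
rotate_entry() {
    old=$(pass show "$1") || return 1
    new=$(gen_password "${2:-20}") || return 1
    printf '%s\n' "$old" | replace_first_line "$new" | pass insert -m -f "$1"
}
```

Sourcing the file and running `rotate_entry blah/blah 20` replaces the password line of blah/blah and leaves the remaining lines as they were.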
