[pass] [PATCH] Added 'rename' command

Brian Shore brian at networkredux.com
Thu Apr 17 21:05:23 CEST 2014


On Thu, Apr 17, 2014 at 11:24 AM, Matthieu Weber <mweber at free.fr> wrote:
> On Thu 17.04.2014 at 08:34:05AM -0700, Brian Shore wrote:
>> On Thu, Apr 17, 2014 at 6:27 AM, Matthieu Weber <mweber at free.fr> wrote:
>> > pass mv is not about managing files, it is about changing the
>> > meta-information of the password, namely its identifier. The fact that
>> > it boils down to renaming a file is just a technicality. You can ditch
>> > the "pass mv" shortcut if you want and provide only "pass rename" and
>> > then it's not anymore about moving files, but about managing passwords.
>> > That's exactly what pass is for. Maybe we can rename "pass mv" into
>> > "pass rn" so that it doesn't sound like the shell's mv command?
>>
>> I think we could avoid some of the file manager difficulties by
>> letting pass tell us something about its configuration.
>
> Is exposing the internals of a software any better than making said
> software do more than the most fundamental operations? (this is not only
> trolling, it is also a philosophical question).

That depends.  Exposing something in a controlled and consistent way
is useful.  This is why accessor and mutator methods for changing an
object's internal state are preferred over direct access to member
fields.  We let the object directly manage the internal state, we let
pass directly manage its guts too.  But pass isn't prohibited from
telling us where our passwords are stored.

As far as exceeding the most fundamental operations, this is a
continuum.  Useful tools often do more than the most fundamental
operations, they often also do composite operations that are difficult
to do right (e.g. if a series of operations must be performed in a
specific order), operations that are very frequently used (but
trivially composed of fundamental operations), etc.  We just need to
find a balance between minimalism and efficient usability.

>> For example, if pass will tell us the prefix, we can easily stuff that
>> into calls to the standard file tools:
>>
>>   # change `pass show foo/bar/baz`  to `pass show foo/moo/goo`
>>   /bin/mv -v  $(pass --printconfig prefix)/foo/bar/baz $(pass --printconfig prefix)/foo/moo/goo
>
> But as Jason pointed out, if the target directory has a different key
> ID, then reencrypting the file is necessary. What about something like
>
>    pass foo/bar |pass insert -m baz/quux && pass rm foo/bar

Works for me.

> What about
>
>   pass git archive -o pass.backup.$(date +%Y%m%dT%H%M%S).tar.gz master
>
> Again, this doesn't expose pass's internals too much, but I'm still a
> bit wary about exposing the git repo. "pass git" is very useful for
> hacking, but it feels dirty.
>
>> Thoughts?
>
> Well, none of this works if you don't use git. Is anyone using pass
> without git?

I'm not currently using git to back pass.  I do think using `pass git`
to update or search the filesystem feels very dirty.  I think git
belongs in the background; even if I were using git with pass, I
wouldn't want to use pass to manage the git repo.  In contrast, I
think using git(1) directly to manage the repo holding the password
store is fine (although slightly inconvenient if you have to look up
the prefix or something).




-- 
Brian Shore
Senior Systems Engineer, Security Architect
Network Redux, LLC
5200 SW Macadam Ave Ste 450
Portland, Oregon 97239
Desk:  503-274-9905 x503
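
The re-encryption concern raised in the thread, as an added example that is not part of the original message and is not pass's own code: a check that tells whether a rename can be a plain file move or needs re-encryption. It assumes the recipients of an entry come from the nearest `.gpg-id` file at or above its directory; the function names, key IDs and sample store are constructed for illustration.

```sh
#!/bin/sh
# Added example, not pass's own code. Assumption: the recipients for an entry
# come from the nearest .gpg-id file at or above its directory in the store.

# Print the path of the .gpg-id governing entry $2 inside store $1.
nearest_gpg_id() {
    case "/$2/" in */../*) return 2 ;; esac   # refuse paths that climb out
    store=${1%/}
    dir=$(dirname "$store/$2")
    while :; do
        if [ -f "$dir/.gpg-id" ]; then
            printf '%s\n' "$dir/.gpg-id"
            return 0
        fi
        case "$dir" in "$store"|/|.) return 1 ;; esac   # reached the top
        dir=$(dirname "$dir")
    done
}

# Print "move" if source $2 and destination $3 share one recipient set,
# "reencrypt" if they differ (a plain file move would keep the old keys).
rename_plan() {
    src_id=$(nearest_gpg_id "$1" "$2") || return 1
    dst_id=$(nearest_gpg_id "$1" "$3") || return 1
    # Compare recipients ignoring order, duplicates and blank lines.
    if [ "$(grep -v '^$' "$src_id" | sort -u)" = \
         "$(grep -v '^$' "$dst_id" | sort -u)" ]; then
        echo move
    else
        echo reencrypt
    fi
}

# Constructed sample store: key IDs are placeholders, the entry is empty.
make_demo_store() {
    s=$(mktemp -d)
    mkdir -p "$s/foo/bar" "$s/foo/moo" "$s/team"
    echo 'KEYID-ALICE' > "$s/.gpg-id"
    printf 'KEYID-ALICE\nKEYID-BOB\n' > "$s/team/.gpg-id"
    : > "$s/foo/bar/baz.gpg"
    printf '%s\n' "$s"
}

demo=$(make_demo_store)
echo "foo/bar/baz -> foo/moo/goo: $(rename_plan "$demo" foo/bar/baz foo/moo/goo)"
echo "foo/bar/baz -> team/goo: $(rename_plan "$demo" foo/bar/baz team/goo)"
rm -rf "$demo"
```

A "reencrypt" result means the file must be decrypted and encrypted again to the destination's recipients; moving the ciphertext as-is would leave it readable only by the source directory's keys.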

