[pass] Patch and discussion for scriptable interface to pass
Lucas Hoffmann
l-m-h at web.de
Fri Feb 5 03:06:07 CET 2016
I am working on a series of patches and would like to discuss the
usefulness (and possibly the implementation) with you. (And maybe I can
get a comment from Jason if this has any chance of getting merged.)
The problem
===========
Sometimes you want to use pass in your shell scripts. Or you want to
interface pass with other shell tools via pipelines. The contents of
the password files are easily pipeable (just
`pass show something | script.sh`).
But the "metadata" ($PREFIX, directory and file names) is not easily
accessible. If you want to do something with these you have to
understand the internals of pass and reimplement part of the logic that
is already implemented in pass. Some completion functions do this for
example.
The idea
========
I do not want to change the output of existing commands for this so I
propose a new sub command: "script-interface". It will have further sub
commands. These will print some data in a format that is easily usable
by scripts (for example a list of all password files in a find-like
format in contrast to the tree printed by `pass show`).
Implementation
==============
A series of patches that I would like to discuss is attached. Until now
I implemented these script interface sub commands (docs still missing):
pass script-interface prefix -- prints the location of the password
store, so users do not have to
understand the (admittedly simple)
logic with $PASSWORD_STORE_DIR
pass script-interface entries -- print password entries (gpg files
with extension removed) in a
find-like format
pass script-interface dirs -- print directories that contain
entries in an find like format
pass script-interface dirs2 -- (faster implementation of dirs)
pass script-interface keys -- list all usable gpg keys
Reason / motivation
===================
- I think pass can/should hide its internal logic from the user
- I think pass should make data and information accessible for scripting
(I proposed a patch for pass grep for the same reason)
- I think that by doing this we can implement small "features" outside
of pass more easily. (For example there was a patch for a --firstline
option to pass show on this list recently. That can simply be
implemented by pipeing to `head -n 1`. And the qr-code patch can also
be replaced by a simple pipe.)
- I like code reuse so I had a look at the completion functions for
possible duplicates
Specific to my work flow: I have pass specific scripts in
$PASSWORD_STORE_DIR/bin which I would like to hide from password
listings. Therefore I would support a strict categorisation for
"password files" (files that match *.gpg), "relevant directories"
(directories that contain password files, anywhere below them) and
"others" (.gpg-id, .gitattributes, bin/script.sh, ...). This idea was
used to some extend in the attached patches.
Discussion
==========
Do you know more use cases for this? Or more sub commands? Or do you
have any critics? Or, or, or ...
Thank you
Lucas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-script-interface-subcommand.patch
Type: text/x-diff
Size: 2177 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160205/2c255098/attachment-0006.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-change-function.patch
Type: text/x-diff
Size: 2335 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160205/2c255098/attachment-0007.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Use-function-in-pass.patch
Type: text/x-diff
Size: 1939 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160205/2c255098/attachment-0008.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-use-in-completion.patch
Type: text/x-diff
Size: 4118 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160205/2c255098/attachment-0009.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-Use-the-script-interface-in-contrib-and-completion.patch
Type: text/x-diff
Size: 2478 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160205/2c255098/attachment-0010.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0006-dirs2-script-interface-sub-command.patch
Type: text/x-diff
Size: 1811 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160205/2c255098/attachment-0011.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: signature
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160205/2c255098/attachment-0001.asc>
More information about the Password-Store
mailing list