[pass] Patch and discussion for scriptable interface to pass

Lucas Hoffmann l-m-h at web.de
Fri Feb 5 21:42:29 CET 2016


Quoting Jason A. Donenfeld (2016-02-05 20:09:35)
> The whole motivation for pass was not to have anything that needs an
> API or an interface to work with. The interface is the filesystem.
> Each password is in a file. Files can be dealt with through the gpg
> tools. Scripts are to just use the ordinary filesystem APIs to do what
> they need to do. pass itself is one such script that uses those
> filesystem APIs for the purpose of having a nice terminal frontend.
>
> Maybe pass has become too complicated since this original mission, and
> now some sort of abstracted generic monstrosity is needed. If this is
> the case, what a shame.

I understand and support the desire to keep pass simple.  But at least
in one point pass has some "internal logic" or an "interface" (but then
again I would use gpg, cd, ls and friends manually otherwise).  This
even results in a small "bug":  pass assumes that password files have a
gpg extension.  Other files are not used by `pass show`.  That is the
internal assumption/restriction/interface.  The bug is that files without
a gpg extension are listed in the tree (plain `pass show`) but can
(obviously) not be shown directly (`pass show makefile` says "Error:
makefile is not in the password store." even though "makefile" is
returned by the completion and listed in the tree).

> But with that said, I wouldn't oppose making changes so that pass's
> output is more easily scriptable. For example, testing [[ -t 0 ]] and
> outputting different things might be worthwhile.

I previously wrote that
> I do not want to change the output of existing commands for this so I
> propose a new sub command: "script-interface".
More accurate would be: I do not urge changing the existing output
formats if people are opposed to it.  So yes I like this idea as well.
Allan and Dashamir have also proposed the use of options instead of
further commands.

> What do your scripts need to do? Maybe folks on the list can help you
> find the most direct solution for your scripting needs?

The main reason I started this was actually a generalisation of a
previous attempt to make pass more scriptable, for which I still hope to
receive some feedback by the way ;).  The previous patch was a change of
the output format of `pass grep`.  It is here:
http://lists.zx2c4.com/pipermail/password-store/2015-August/001696.html.
The scripts I use in conjunction with pass are attached.  I use them to
auto generate a netrc file to be used with fetchmail.
-------------- next part --------------
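# Every encrypted entry in the store; netrc is rebuilt when any of them changes.
GPGFILES := $(sort $(shell find . -iname '*.gpg'))
# umask 077 makes the redirect create netrc owner-only from the start,
# instead of leaving decrypted passwords readable until chmod runs.
netrc: $(GPGFILES)
	@umask 077; for file in $(GPGFILES:./%.gpg=%); do \
	  pass show $$file | bin/entry.awk;    \
	done > $@
	@chmod 600 $@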
-------------- next part --------------
A non-text attachment was scrubbed...
Name: entry.awk
Type: text/x-awk
Size: 1930 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160205/5e9d4473/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: signature
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160205/5e9d4473/attachment.asc>
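
The ".gpg extension" mismatch described in the message above, as an added example that is not part of the original post or of pass itself: it treats the store purely as a filesystem and separates names that `pass show NAME` would accept from files that are only listed in the tree. The function names are hypothetical, and it assumes dotfiles such as `.git` and `.gpg-id` are hidden from the tree listing.

```shell
#!/bin/sh
# Added example: enumerate a pass store using only filesystem tools.
# No gpg or pass invocation; nothing is decrypted.
# Assumption: names contain no newlines (output is one name per line).

# Resolve the store directory: explicit argument, then PASSWORD_STORE_DIR,
# then pass's default location.
_store_dir() {
    printf '%s\n' "${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}"
}

# Names usable as `pass show NAME`: regular files ending in .gpg,
# with the leading ./ and the extension stripped. Dotfiles are pruned.
store_entries() {
    ( cd "$(_store_dir "$1")" 2>/dev/null || exit 1
      find . -name '.?*' -prune -o -type f -name '*.gpg' -print |
        sed -e 's|^\./||' -e 's|\.gpg$||' | LC_ALL=C sort )
}

# Files that show up in the tree but are not entries: everything
# visible that lacks the .gpg extension (e.g. a makefile kept in the store).
store_strays() {
    ( cd "$(_store_dir "$1")" 2>/dev/null || exit 1
      find . -name '.?*' -prune -o -type f ! -name '*.gpg' -print |
        sed -e 's|^\./||' | LC_ALL=C sort )
}

# Scriptable membership test: succeeds only if NAME maps to NAME.gpg.
# Usage: is_entry STORE NAME
is_entry() {
    [ -f "$(_store_dir "$1")/$2.gpg" ]
}
```

A completion or wrapper script that offers only `store_entries` output never suggests a name that `pass show` then rejects; `store_strays` shows which plaintext files are sitting next to the encrypted ones.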

