[pass] Feature Proposal: Edit Before Save and Commit

Jonas Kalderstam jonas at cowboyprogrammer.org
Sun Mar 20 23:03:01 CET 2016

On 03/20/2016 07:20 PM, al wrote:
> A frequent problem I encounter is that I must constantly generate
> passwords for weaker sites (I am new to the list, so let's all crack up
> and suppose banking sites).  I use the following command of course.
>> pass generate -c folder/my-crappy-insecure-web-app-du-jour 24
> Only to discover after the fact the vague, and often completely
> unpublished, password requirements are weaker than even advertised.

I found this to be any issue too. This line has never failed me yet though:

    pwgen -B -s 20 1

It does not include the `-y` argument (symbols) which is typically what
some stupid sites will prevent you from using.

>  So
> I must go through a constant hair-pulling
>> pass git reset --hard HEAD~1

There is a better way. I'll paste a script I use. It generates a
password, and opens an editor for you. The password will be in the
clipboard (middle-mouse button for me) so you can paste into the site
and actually register successfully before saving and committing.

Call it with:

    password_edit.sh folder/my-crappy-insecure-web-app-du-jour

Script follows:
#!/usr/bin/env bash

# A simple wrapper for pass edit. Takes one argument, and that is the
# password file to open (which can be new).  As a convenience, a new
# password is generated and placed in the clipboard so you can paste
# it with Mouse3.

if [ $# -eq 0 ]; then
    echo "No arguments provided"
    exit 1


# Borrowing from pass
clip() {
  # This base64 business is because bash cannot store binary data in a
  # shell variable. Specifically, it cannot store nulls nor
  # (non-trivally) store trailing new lines.
  local sleep_argv0="password store sleep on display $DISPLAY"
  local before
  local now
  pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
  before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)"
  echo -n "$1" | xclip -selection "$X_SELECTION" || \
    die "Error: Could not copy data to the clipboard"
    ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
    now="$(xclip -o -selection "$X_SELECTION" | base64)"
    [[ $now != $(echo -n "$1" | base64) ]] && before="$now"

    # It might be nice to programmatically check to see if klipper
    # exists, as well as checking for other common clipboard
    # managers. But for now, this works fine -- if qdbus isn't there
    # or if klipper isn't running, this essentially becomes a no-op.
    # Clipboard managers frequently write their history out in
    # plaintext, so we axe it here:
    qdbus org.kde.klipper \
          /klipper org.kde.klipper.klipper.clearClipboardHistory \

    echo "$before" | base64 -d | xclip -selection "$X_SELECTION"
  ) 2>/dev/null & disown
  #echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds."

# -B - don't use ambiguious characters
# -s - added randomness
# 20 chars long
# 1 output only
pw=$(pwgen -B -s 20 1)

# Copy password to clipboard
clip "$pw"

# Open editor, paste password with Mouse3
pass edit "$1"

More information about the Password-Store mailing list