[PATCH] show: add option to redact password (using red-on-red text) in show output

Sun Aug 20 00:35:05 CEST 2017

Example usage:
  pass show --redact /test/test
  pass show --red /test/test
  pass show -r /test/test

The red-on-red text allows the password to be cut/pasted from the output
but can't be read on the display or in the scroll-back buffer.
---
 src/password-store.sh | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index b86631d..7a05bd4 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -345,24 +345,29 @@ cmd_init() {
 }
 
 cmd_show() {
-	local opts selected_line clip=0 qrcode=0
-	opts="$($GETOPT -o q::c:: -l qrcode::,clip:: -n "$PROGRAM" -- "$@")"
+	local opts selected_line clip=0 qrcode=0 redact=0
+	opts="$($GETOPT -o q::c::r -l qrcode::,clip::,redact -n "$PROGRAM" -- "$@")"
 	local err=$?
 	eval set -- "$opts"
 	while true; do case $1 in
 		-q|--qrcode) qrcode=1; selected_line="${2:-1}"; shift 2 ;;
 		-c|--clip) clip=1; selected_line="${2:-1}"; shift 2 ;;
+		-r|--redact) redact=1; shift 1 ;;
 		--) shift; break ;;
 	esac done
 
-	[[ $err -ne 0 || ( $qrcode -eq 1 && $clip -eq 1 ) ]] && die "Usage: $PROGRAM $COMMAND [--clip[=line-number],-c[line-number]] [--qrcode[=line-number],-q[line-number]] [pass-name]"
+	[[ $err -ne 0 || ( $qrcode -eq 1 && $clip -eq 1 ) ]] && die "Usage: $PROGRAM $COMMAND [--clip[=line-number],-c[line-number]] [--qrcode[=line-number],-q[line-number]] [--redact,-r] [pass-name]"
 
 	local path="$1"
 	local passfile="$PREFIX/$path.gpg"
 	check_sneaky_paths "$path"
 	if [[ -f $passfile ]]; then
 		if [[ $clip -eq 0 && $qrcode -eq 0 ]]; then
-			$GPG -d "${GPG_OPTS[@]}" "$passfile" || exit $?
+			if [[ $redact -eq 0 ]]; then
+				$GPG -d "${GPG_OPTS[@]}" "$passfile" || exit $?
+			else
+				$GPG -d "${GPG_OPTS[@]}" "$passfile" | sed -Ee '1{s/^(.*)$/\x1b[41;31m\1\x1b[0m/}' || exit $?
+			fi
 		else
 			[[ $selected_line =~ ^[0-9]+$ ]] || die "Clip location '$selected_line' is not a number."
 			local pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +${selected_line} | head -n 1)"
-- 
2.14.1

