pass-otp 1.0.0 released (migration required)

Tad tadfisher at gmail.com
Mon Mar 20 22:31:05 CET 2017


Hello pass users,

I've released version 1.0.0 of the pass-otp extension. Here's a summary of
changes:

 * New: `insert` command accepts `otpauth://` URIs directly.
 * New: `append` command appends or replaces OTP URIs in existing passfiles.
 * New: `validate` command validates an `otpauth://` URI against the
   Key Uri Format standard.
 * Rename `show` to `code` for disambiguation from `pass show`. `show` is still
   supported as an alias.

 * **Drop `insert totp` and `insert hotp` commands.** These were cumbersome to
   support and are obviated by key URIs.

 * **Drop support for the 0.1.0 OTP passfile format.** Please see the
   "Migrating from pass-otp 0.1.0" section of the README for advice on migrating
   your OTP passfiles from the previous version.

 * **Drop support for entering OTP secrets as arguments.** This practice is
   prone to history leakage, which is (probably) why it is not supported by
   `pass insert`. Intrepid users may use `echo <uri> | pass otp insert`, but
   they should be warned to disable their shell's history feature.

I apologize for changing the file format, but it is ultimately for the best, as
pass-otp is now fundamentally compatible with all third-party OTP authenticators
which use standard OTP key URIs. I'm available to assist with any migration
issues; simply reply to this mail or post an issue on github.

You may download pass-otp from Github:

https://github.com/tadfisher/pass-otp

Happy passing!
Tad Fisher


More information about the Password-Store mailing list