Use password-store with weechat

pablo1+pass at mailbox.org pablo1+pass at mailbox.org
Mon Nov 26 20:43:02 CET 2018 


Well, that gets rid of the prompt at login, but does not avoid having
passwords in the weechat config.

Even though it is encrypted with a passphrase, I want to keep all my
passwords in *one* place - pass.

I host my configs in a public dotfiles repo, and would like not to
have to worry about sensitive data being published somewhere. Even
though weechat may be encrypted, it is one extra place you have to
think about how to manage, guard, sync and safely store (another
"attack vector").

Also, I have to get rid of the salt, making the encryption even
weaker. Might be paranoid, but I don't feel confortable pushing
unsalted passwords, encrypted by some application to a public repo.

Also sync and lookup are to extra steps to configure.

Would it be possible to get weechat config strings from environment
variables? i.e. having a FREENODE_PASS var e.g.?

That would at least get rid of the passwords inside weechats
config files, though I don't know if exposing passwords as environment
variables is a good idea, as any application could read them.


Cheers,

Pablo

On Mon, Nov 26, 2018 at 07:09:08PM +0100, Tharre wrote:
> Hi,
> 
> On 11/26, pablo1+pass at mailbox.org wrote:
> > Hello,
> > 
> > I was wondering if someone has found a way to integrate pass in
> > weechat.
> > 
> > Weechat's config doesn't allow to sepecify external programs to be
> > run. There is a issue on the github page
> > (https://github.com/weechat/weechat/issues/141) for this problem, but
> > I don't have much hope of it being implemented soon.
> > 
> > Their approach seems to be their own "secure storage", but I would
> > like to use pass, since I have everything in there already.
> > 
> > Has someone found a workaround? Any weechat users?
> > 
> > Cheers,
> > Pablo
> > 
> 
> The workaround I use in my dotfiles[0] is simply letting weechat have
> it's fancy secure storage and providing the passphrase via pass:
> 
> $ WEECHAT_PASSPHRASE="$(pass personal/weechat)" weechat
> 
> Then turn the salt off in sec.conf:
> 
> [crypt]
> salt = off
> 
> so weechat doesn't re-salt everything all the time.
> 
> It's not pretty, but works very well.
> 
> [0] https://github.com/Tharre/dotfiles
> 
> Regards,
> 
> Tharre
> 
> -- 
> PGP fingerprint: 42CE 7698 D6A0 6129 AA16  EF5C 5431 BDE2 C8F0 B2F4


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20181126/72663bac/attachment.asc>

More information about the Password-Store mailing list