From 2c7v7czk85j3 at protonmail.com Thu Apr 1 17:54:56 2021 From: 2c7v7czk85j3 at protonmail.com (Valera Rozuvan) Date: Thu, 01 Apr 2021 17:54:56 +0000 Subject: How to make pass read input from Bash ENV variable? Message-ID: Hi! I am struggling to find a way to save/edit a password with `pass` that is stored in an ENV variable. I am also not finding an option in `pass` man page on how to do this. What comes to my mind is something like this: $ PASS="1234567890" $ echo $PASS | pass insert my_pass But after running the above 2 commands, I get an error when I try to retrieve the password: $ pass my_pass Error: my_pass is not in the password store. ---------- Is there a way to do this? Or maybe the only way is to hack on `pass` and add a command line option to make it read from a Linux pipe? Regards, Valera Rozuvan From 2c7v7czk85j3 at protonmail.com Thu Apr 1 18:48:50 2021 From: 2c7v7czk85j3 at protonmail.com (Valera Rozuvan) Date: Thu, 01 Apr 2021 18:48:50 +0000 Subject: How to make pass read input from Bash ENV variable? In-Reply-To: References: Message-ID: <7Mz15_JmGuvkBwOAngsmlDcrD5Jjuh3TiMvbnwOpc0jXiEZPQ4NyF2GrwUpQ7syZF_GD_3l4LLjolJsTui6Ghuo67hO7mi5mEIzw16e0XDE=@protonmail.com> Hi S?ndor, You write: > The command is wrong I think. > > Shouldn't it be? > pass show my_pass However, from the man page: "If no COMMAND is specified, COMMAND defaults to either show or ls, depending on the type of specifier in ARGS." ---------- For my original question, I got help elsewhere and the solution is to include the `-m` option, like so: $ echo "Hello, world!" | pass insert -m my_pass $ pass my_pass Hello, world! ---------- Regards, Valera Rozuvan From max+passwordstore at familie-goerner.eu Fri Apr 2 07:43:31 2021 From: max+passwordstore at familie-goerner.eu (Max =?iso-8859-1?Q?G=F6rner?=) Date: Fri, 2 Apr 2021 09:43:31 +0200 Subject: How to make pass read input from Bash ENV variable? In-Reply-To: References: Message-ID: >$ PASS="1234567890" >$ echo $PASS | pass insert my_pass Your problem is that pass expects the password two times but you provide it only once. A solution would be to be `yes`: $ PASS="super-secure" $ yes "${PASS}" | pass insert my_pass I hope this helps. Regards Max G?rner From 2c7v7czk85j3 at protonmail.com Fri Apr 2 08:00:27 2021 From: 2c7v7czk85j3 at protonmail.com (Valera Rozuvan) Date: Fri, 02 Apr 2021 08:00:27 +0000 Subject: How to make pass read input from Bash ENV variable? In-Reply-To: References: Message-ID: On Friday, April 2, 2021 10:43 AM, Max G?rner wrote: > A solution would be to be `yes`: > > $ PASS="super-secure" > $ yes "${PASS}" | pass insert my_pass > > I hope this helps. Thank you Max. So, now I know that it is possible, and there are 2 ways to do this: $ PASS="super-secure-1" $ yes "${PASS}" | pass insert my_pass > /dev/null 2>&1 $ pass my_pass super-secure-1 $ PASS="super-secure-2" $ echo "${PASS}" | pass insert -m my_pass > /dev/null 2>&1 $ pass my_pass super-secure-2 Note that I am using "> /dev/null 2>&1" to suppress extra empty lines in the output. Regards, Valera Rozuvan From ramses0 at yahoo.com Fri Apr 2 17:20:25 2021 From: ramses0 at yahoo.com (Robert Ames) Date: Fri, 2 Apr 2021 17:20:25 +0000 (UTC) Subject: Fw: [PATCH] Print full paths in pipeline / non-interactive usage In-Reply-To: <574068210.1019777.1616980408161@mail.yahoo.com> References: <1685964586.2440255.1563609052450.ref@mail.yahoo.com> <1685964586.2440255.1563609052450@mail.yahoo.com> <574068210.1019777.1616980408161@mail.yahoo.com> Message-ID: <542237279.156246.1617384025187@mail.yahoo.com> re: non-interactive usage, resurrecting this patch (with tests) from 2019. I run it locally (as I am constantly `pass show | grep ...`-ing) and have had no issues with it since developing it. --Robert Begin forwarded message: On Saturday, July 20, 2019, 2:50 AM, Robert Ames wrote: > When working with nested password directories / structures, it's a pain to pick out a particular password key/identifier for copy/paste.? This patch (and test) is the beginning of teaching pass about interactive v. non-interactive usage so that `pass ls` will print fully qualified identifiers when in non-interactive mode. > > The gist of it is captured below, and similar behavior can be seen in the `lastpass-cli` tool (not that lastpass is a great example of what to do in general, but it's very handy to have access to the fully qualified password identifiers). > > https://github.com/lastpass/lastpass-cli/blob/master/cmd-ls.c#L287-L288 > > $ ./src/password-store.sh ls > Password Store > ??? xxxxxxxx > ??? ??? xxxxx.xxx > ??? xxxxx > ??? ??? xxxxxxxxxxxxx.xxx > ??? ??? xxxxxxx.xxx > ??? ??? xxxxxxx.xxx > ??? ??? xxxxxxxxx.xxx > ??? ??? xxxxxxxxxxxxxxxxxxx.xxx > ??? ??? xxxxxxxx.xxx > ??? ??? xx.xx-xxxxxxxx > ??? ??? xx.xxxxx.xxx > ??? ??? ??? xxx-xxx > ??? ??? xxxxxxx.xxx > ??? ??? xxxxxxxx > ??? ??? ??? xxxxxx-xxxxx > ??? ??? ??? xxxxx-xxxxx-xxxxxxxx > ??? ??? ??? xxxxx-xxxxx-xxxxxxx > ??? ??? xxxxxx.xxx > > $ ./src/password-store.sh ls | cat > xxxxxxxx/xxxxx.xxx > xxxxx/xxxxxxx.xxx > xxxxx/xx.xxxxx.xxx/xxx-xxx > xxxxx/xxxxxxx.xxx > xxxxx/xxxxxxx.xxx > xxxxx/xxxxxxxx.xxx > xxxxx/xx.xx-xxxxxxxx > xxxxx/xxxxxxxxxxxxx.xxx > xxxxx/xxxxxxxxx.xxx > xxxxx/xxxxxxxx/xxxxx-xxxxx-xxxxxxxx > xxxxx/xxxxxxxx/xxxxxx-xxxxx > xxxxx/xxxxxxxx/xxxxx-xxxxx-xxxxxxx > xxxxx/xxxxxx.xxx > xxxxx/xxxxxxxxxxxxxxxxxxx.xxx > > $ ./src/password-store.sh ls | while read id ; do echo "--==[[ $id ]]==--" ; echo ./src/password-store.sh show $id ; done > --==[[ xxxxxxxx/xxxxx.xxx ]]==-- > ./src/password-store.sh show xxxxxxxx/xxxxx.xxx > --==[[ xxxxx/xxxxxxx.xxx ]]==-- > ./src/password-store.sh show xxxxx/xxxxxxx.xxx > --==[[ xxxxx/xx.xxxxx.xxx/xxx-xxx ]]==-- > ./src/password-store.sh show xxxxx/xx.xxxxx.xxx/xxx-xxx > --==[[ xxxxx/xxxxxxx.xxx ]]==-- > ./src/password-store.sh show xxxxx/xxxxxxx.xxx > --==[[ xxxxx/xxxxxxx.xxx ]]==-- > ./src/password-store.sh show xxxxx/xxxxxxx.xxx > --==[[ xxxxx/xxxxxxxx.xxx ]]==-- > ./src/password-store.sh show xxxxx/xxxxxxxx.xxx > --==[[ xxxxx/xx.xx-xxxxxxxx ]]==-- > ./src/password-store.sh show xxxxx/xx.xx-xxxxxxxx > --==[[ xxxxx/xxxxxxxxxxxxx.xxx ]]==-- > ./src/password-store.sh show xxxxx/xxxxxxxxxxxxx.xxx > --==[[ xxxxx/xxxxxxxxx.xxx ]]==-- > ./src/password-store.sh show xxxxx/xxxxxxxxx.xxx > --==[[ xxxxx/xxxxxxxx/xxxxx-xxxxx-xxxxxxxx ]]==-- > ./src/password-store.sh show xxxxx/xxxxxxxx/xxxxx-xxxxx-xxxxxxxx > --==[[ xxxxx/xxxxxxxx/xxxxxx-xxxxx ]]==-- > ./src/password-store.sh show xxxxx/xxxxxxxx/xxxxxx-xxxxx > --==[[ xxxxx/xxxxxxxx/xxxxx-xxxxx-xxxxxxx ]]==-- > ./src/password-store.sh show xxxxx/xxxxxxxx/xxxxx-xxxxx-xxxxxxx > --==[[ xxxxx/xxxxxx.xxx ]]==-- > ./src/password-store.sh show xxxxx/xxxxxx.xxx > --==[[ xxxxx/xxxxxxxxxxxxxxxxxxx.xxx ]]==-- > ./src/password-store.sh show xxxxx/xxxxxxxxxxxxxxxxxxx.xxx > > > > >> -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Print-full-paths-in-pipeline-non-interactive-usage.patch Type: text/x-patch Size: 2836 bytes Desc: not available URL: From jarraneil at gmail.com Sat Apr 3 16:54:08 2021 From: jarraneil at gmail.com (Neil Webster) Date: Sat, 3 Apr 2021 12:54:08 -0400 Subject: Migrating to new computer Message-ID: <1a96b7d2-d329-2cc7-7c68-bd20bf2266ae@gmail.com> Hello, I am sure this ought to be quite simple but I am having a heck of a time figuring out how to migrate my password store from an old drive to a new SSD drive. I have moved the contents of the .password-store folder across and can see all of the *.gpg files. I exported the gpg keys using the old drive gpg --export-secret-keys --armor --output privkey.asc my at emailaddress.com and tried importing on the new drive using gpg --import privkey.asc When I try to access the password store using pass it says gpg: decryption failed: No secret key I have looked around on-line and can't find a good how-to for this common use case. Any help or pointers greatly appreciated. Regards, Neil From mail at maciej.szmigiero.name Sat Apr 3 17:00:35 2021 From: mail at maciej.szmigiero.name (Maciej S. Szmigiero) Date: Sat, 3 Apr 2021 19:00:35 +0200 Subject: Migrating to new computer In-Reply-To: <1a96b7d2-d329-2cc7-7c68-bd20bf2266ae@gmail.com> References: <1a96b7d2-d329-2cc7-7c68-bd20bf2266ae@gmail.com> Message-ID: <39fafe02-c92b-df81-25fe-7882b5b1c09d@maciej.szmigiero.name> Hi Neil, On 03.04.2021 18:54, Neil Webster wrote: > Hello, > > I am sure this ought to be quite simple but I am having a heck of a time figuring out how to migrate my password store from an old drive to a new SSD drive. I have moved the contents of the .password-store folder across and can see all of the *.gpg files. I exported the gpg keys using the old drive > > gpg --export-secret-keys --armor --output privkey.asc my at emailaddress.com > > and tried importing on the new drive using > > gpg --import privkey.asc > > When I try to access the password store using pass it says > > gpg: decryption failed: No secret key > > I have looked around on-line and can't find a good how-to for this common use case. > > Any help or pointers greatly appreciated. And what does gpg -K say? Did you try decrypting any password file manually using gpg (without pass)? BTW: That's more of a GPG question than a pass one. > Regards, Neil > Maciej From jarraneil at gmail.com Sat Apr 3 17:06:23 2021 From: jarraneil at gmail.com (Neil Webster) Date: Sat, 3 Apr 2021 13:06:23 -0400 Subject: Migrating to new computer In-Reply-To: <39fafe02-c92b-df81-25fe-7882b5b1c09d@maciej.szmigiero.name> References: <1a96b7d2-d329-2cc7-7c68-bd20bf2266ae@gmail.com> <39fafe02-c92b-df81-25fe-7882b5b1c09d@maciej.szmigiero.name> Message-ID: Thanks Maciej, gpg -K returns with nothing Running gpg directly on a file in the password store using gpg -d filename gives gpg: encrypted with 3072-bit RSA key, ID 94FDE31D5B3E9BC6, created 2020-03-11 ????? "my at emailaddress.com" gpg: decryption failed: No secret key Cheers, Neil On 4/3/21 1:00 PM, Maciej S. Szmigiero wrote: > Hi Neil, > > On 03.04.2021 18:54, Neil Webster wrote: >> Hello, >> >> I am sure this ought to be quite simple but I am having a heck of a >> time figuring out how to migrate my password store from an old drive >> to a new SSD drive. I have moved the contents of the .password-store >> folder across and can see all of the *.gpg files. I exported the gpg >> keys using the old drive >> >> gpg --export-secret-keys --armor --output privkey.asc >> my at emailaddress.com >> >> and tried importing on the new drive using >> >> gpg --import privkey.asc >> >> When I try to access the password store using pass it says >> >> gpg: decryption failed: No secret key >> >> I have looked around on-line and can't find a good how-to for this >> common use case. >> >> Any help or pointers greatly appreciated. > > And what does gpg -K say? > Did you try decrypting any password file manually using gpg (without > pass)? > > BTW: > That's more of a GPG question than a pass one. > >> Regards, Neil >> > > Maciej From mail at maciej.szmigiero.name Sat Apr 3 17:50:15 2021 From: mail at maciej.szmigiero.name (Maciej S. Szmigiero) Date: Sat, 3 Apr 2021 19:50:15 +0200 Subject: Migrating to new computer In-Reply-To: References: <1a96b7d2-d329-2cc7-7c68-bd20bf2266ae@gmail.com> <39fafe02-c92b-df81-25fe-7882b5b1c09d@maciej.szmigiero.name> Message-ID: On 03.04.2021 19:06, Neil Webster wrote: > Thanks Maciej, > > gpg -K > > returns with nothing That means you have no secret keys in your keyring. Inspect that exported privkey.asc whether it says "PRIVATE KEY" somewhere. Check ~/.gnupg/private-keys-v1.d/ whether there are any private keys there. Try importing that privkey.asc once again and notice what gpg says on import (as far as I remember it should say that it has imported 1 secret key or so). > > Cheers, Neil Maciej From gildasiojunior at riseup.net Fri Apr 9 02:09:03 2021 From: gildasiojunior at riseup.net (=?utf-8?B?R2lsZMOhc2lvIErDum5pb3I=?=) Date: Thu, 8 Apr 2021 23:09:03 -0300 Subject: otp in passmenu Message-ID: Hi all, I have the same demand as Alessandro Accardo mentioned in Sep 2018 [0]. He submited a patch, receive a feedback, updated it and I couldn't see any other new feedback. I had patched passmenu to support pass-otp too (in a bigger way than he did). I'm sending my patch to receive some feedback and talk about the demand we have. Anyway, thanks for your work. pass and passmenu as well are projects that I like a lot. Thank you. PS: I didn't have experience contribut with git patches by email. So please let me know if I did something wrong and how can get the right path. [0]: https://lists.zx2c4.com/pipermail/password-store/2018-September/003406.html -- []'s Gild?sio J?nior -------------- next part -------------- From bbfce317691dd9db9ac8b6bbd729a70260032dbf Mon Sep 17 00:00:00 2001 From: Gildasio Junior Date: Thu, 8 Apr 2021 23:04:44 -0300 Subject: [PATCH] Add pass-otp support in passmenu --- contrib/dmenu/README.md | 6 ++++-- contrib/dmenu/passmenu | 41 +++++++++++++++++++++++++++++++++-------- 2 files changed, 37 insertions(+), 10 deletions(-) diff --git a/contrib/dmenu/README.md b/contrib/dmenu/README.md index 9d54fb4..5e1b4ec 100644 --- a/contrib/dmenu/README.md +++ b/contrib/dmenu/README.md @@ -2,12 +2,14 @@ password manager. This design allows you to quickly copy a password to the clipboard without having to open up a terminal window if you don't already have one open. If `--type` is specified, the password is typed using [xdotool][] -instead of copied to the clipboard. +instead of copied to the clipboard. If `--otp` is specified, the password is +interpreted as a 2fa OTP token using [pass-otp][]. # Usage - passmenu [--type] [dmenu arguments...] + passmenu [--type] [--otp] [dmenu arguments...] [dmenu]: http://tools.suckless.org/dmenu/ [xdotool]: http://www.semicomplete.com/projects/xdotool/ [pass]: http://www.zx2c4.com/projects/password-store/ +[pass-otp]: https://github.com/tadfisher/pass-otp diff --git a/contrib/dmenu/passmenu b/contrib/dmenu/passmenu index 83268bc..e278330 100755 --- a/contrib/dmenu/passmenu +++ b/contrib/dmenu/passmenu @@ -2,24 +2,49 @@ shopt -s nullglob globstar +prefix=${PASSWORD_STORE_DIR-~/.password-store} typeit=0 -if [[ $1 == "--type" ]]; then - typeit=1 - shift -fi +otp='' +dir2fa='' +dmenu_options='' + +while [[ $# -gt 0 ]] +do +option="$1" + +case $option in + --type) + typeit=1 + shift + ;; + --otp) + otp='otp' + dir2fa='2fa/' + prefix=${PASSWORD_STORE_DIR-~/.password-store/$dir2fa} + shift + ;; + *) + dmenu_options="${dmenu_options} ${option}" + shift + ;; +esac +done -prefix=${PASSWORD_STORE_DIR-~/.password-store} password_files=( "$prefix"/**/*.gpg ) password_files=( "${password_files[@]#"$prefix"/}" ) password_files=( "${password_files[@]%.gpg}" ) -password=$(printf '%s\n' "${password_files[@]}" | dmenu "$@") +if [[ $otp == '' ]]; then + password=$(printf '%s\n' "${password_files[@]}" | grep -v '2fa/' | dmenu $dmenu_options "$@") +else + password=$(printf '%s\n' "${password_files[@]}" | dmenu $dmenu_options "$@") +fi [[ -n $password ]] || exit if [[ $typeit -eq 0 ]]; then - pass show -c "$password" 2>/dev/null + pass $otp show -c "$dir2fa$password" 2>/dev/null else - pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | + pass $otp show "$dir2fa$password" | { IFS= read -r pass; printf %s "$pass"; } | xdotool type --clearmodifiers --file - fi -- 2.31.1 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From mail at maciej.szmigiero.name Fri Apr 9 14:27:32 2021 From: mail at maciej.szmigiero.name (Maciej S. Szmigiero) Date: Fri, 9 Apr 2021 16:27:32 +0200 Subject: Is pass actively maintained? (Was: explicit GPG subkey for a subdir causes the whole subdir to be reencrypted when password is moved there) In-Reply-To: References: Message-ID: <03df3d31-6b5f-03df-435d-82e196ebd25e@maciej.szmigiero.name> On 20.03.2021 12:52, Maciej S. Szmigiero wrote: > Hi, > > When an explicit GPG subkey is set for a particular subdirectory pass will > reencrypt every password in that subdirectory each time a password file is > moved to that subdirectory. > (..) I see that the last pass release was 2.5+ years ago, since that time there were no maintainer-authored commits to the project's git repository. In the past 10 months there were just two commits overall, both from an outside contributor. Since the project maintainer has not posted to this ML since December last year, I wonder whether there are plans to still actively maintain pass? Thanks, Maciej From Jason at zx2c4.com Fri Apr 9 15:26:56 2021 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Fri, 9 Apr 2021 09:26:56 -0600 Subject: Is pass actively maintained? (Was: explicit GPG subkey for a subdir causes the whole subdir to be reencrypted when password is moved there) In-Reply-To: <03df3d31-6b5f-03df-435d-82e196ebd25e@maciej.szmigiero.name> References: <03df3d31-6b5f-03df-435d-82e196ebd25e@maciej.szmigiero.name> Message-ID: On 4/9/21, Maciej S. Szmigiero wrote: > On 20.03.2021 12:52, Maciej S. Szmigiero wrote: >> Hi, >> >> When an explicit GPG subkey is set for a particular subdirectory pass >> will >> reencrypt every password in that subdirectory each time a password file >> is >> moved to that subdirectory. >> > (..) > > I see that the last pass release was 2.5+ years ago, since that time > there were no maintainer-authored commits to the project's git > repository. > > In the past 10 months there were just two commits overall, both from an > outside contributor. > > Since the project maintainer has not posted to this ML since December > last year, I wonder whether there are plans to still actively maintain > pass? Yes, it is maintained. Adding quick one-off things to a bash script and sending a patch is easy, but actually keeping such a script sane and manageable is not. So, don't expect for all "feature" requests to be immediately picked up.or embraced. Jason From mail at maciej.szmigiero.name Fri Apr 9 16:12:11 2021 From: mail at maciej.szmigiero.name (Maciej S. Szmigiero) Date: Fri, 9 Apr 2021 18:12:11 +0200 Subject: Is pass actively maintained? (Was: explicit GPG subkey for a subdir causes the whole subdir to be reencrypted when password is moved there) In-Reply-To: References: <03df3d31-6b5f-03df-435d-82e196ebd25e@maciej.szmigiero.name> Message-ID: <3e02c7d9-e938-02e5-18df-2e2795ba0f7d@maciej.szmigiero.name> On 09.04.2021 17:26, Jason A. Donenfeld wrote: > On 4/9/21, Maciej S. Szmigiero wrote: >> On 20.03.2021 12:52, Maciej S. Szmigiero wrote: >>> Hi, >>> >>> When an explicit GPG subkey is set for a particular subdirectory pass >>> will >>> reencrypt every password in that subdirectory each time a password file >>> is >>> moved to that subdirectory. >>> >> (..) >> >> I see that the last pass release was 2.5+ years ago, since that time >> there were no maintainer-authored commits to the project's git >> repository. >> >> In the past 10 months there were just two commits overall, both from an >> outside contributor. >> >> Since the project maintainer has not posted to this ML since December >> last year, I wonder whether there are plans to still actively maintain >> pass? > > Yes, it is maintained. Adding quick one-off things to a bash script > and sending a patch is easy, but actually keeping such a script sane > and manageable is not. So, don't expect for all "feature" requests to > be immediately picked up.or embraced. Cool, thanks. > Jason > Maciej