[PATCH] Do not add newline at the end of the password

Tobias Girstmair t-passwd at girst.at
Thu Apr 14 12:48:28 UTC 2022

On Thu, Apr 14, 2022 at 01:26:47PM +0200, Daniel Mach wrote:
>SaltStack strips leading/trailing whitespaces from the password [1],
>because pass adds a newline when entering passwords interactively.
>Pass is capable of storing multiline passwords which are stored as
>provided. That includes storing binary data as well. If such password
>has leading/traling whitespaces, they get stripped in SaltStack
>and the password becomes invalid.
>This change fixes the inconsistency by always storing the passwords
>as provided, with no extra characters added.
>To retain good user experience, a newline is printed to stderr after
>printing a password.

this looks like a bad idea to me, sorry to say. the data format 
described on passwordstore.org is textual, not binary. also, printing a 
newline on stderr unconditionally is a bit unelegant (when stdout was 
redirected somewhere, a newline is still printed to the terminal). 

two admittedly contrived examples:

printf "fetching password ..." >&2
foo="$(pass show foo)"
printf "done\n" >&2
# note how the status message now has a line break in it. would even 
# worse when the program uses printf "\r" for a loading bar.

pass show foo | cat - /etc/hostname
# note that instead of two lines, cat returns both items on a single 
# line now.

AFAICT, pass insert -m does not add an extra line terminator. doesn't 
this suffice for your usecase?

personally, i base64 encode all binary blobs i store in pass. this has 
the added benefit of (1) making it clear that these are bytes and (2) i 
can add metadata in the usual http-header-like format below it, still.

More information about the Password-Store mailing list