[PATCH] Do not add newline at the end of the password

Johannes Altmanninger aclopte at gmail.com
Thu Apr 14 12:54:55 UTC 2022

On Thu, Apr 14, 2022 at 02:19:10PM +0200, Daniel Mach wrote:
> On 14. 04. 22 13:50, Johannes Altmanninger wrote:
> > On Thu, Apr 14, 2022 at 01:26:47PM +0200, Daniel Mach wrote:
> > > SaltStack strips leading/trailing whitespaces from the password [1],
> > > because pass adds a newline when entering passwords interactively.
> > SaltStack is removing too much. They should use the equivalent of
> > pass_show_output.removesuffix("\n").
> That's right. I'm planning to address this by sending a pull-request to
> SaltStack.


> On the other hand, if you store a multiline/binary password in pass, it can
> end with a newline, which still would end as an invalid password in
> SaltStack.

It sounds like you're suggesting that there is a flaw in pass that prevents
you from storing arbitrary data. I fail to see such a flaw.  Just make
sure to add the trailing newline when you insert into the password store
and remove the same newline when you read from it.

(of course "pass generate" and "pass insert" will add the newline automatically)

More information about the Password-Store mailing list