pass show --pipe

vadyalex vadyalex at
Wed Nov 15 20:07:52 UTC 2023

Hello there!

First of all thank you for this wonderful project!

I mostly use pass on laptop either via `pass show --clip ..` or via
`pass show ..` then selecting and copying directly from terminal and
pasting to the target place, - mostly browser.

Recently I needed to extract copy of the password and encrypted it
with gpg for CI system and then paste result inside yaml file; In
order to produce encrypted message I did: `pass show the_password_file
| gpg -a -e -r ci`

After long hours of investigation I understood that `pass show --clip
the_password_file` and `pass show the_password_file` as well as
`$(pass show the_password_file)` are not equal (given that
the_password_file was produced via: `echo -n 'the_password' | pass
insert --echo the_password_file

`pass show --clip the_password_file` copies password to clipboard -
i.e. copies content of the first line <-- does not include trailing
new line
`pass show the_password_file` - send content to standard output <--
includes trailing new line
`$(pass show the_password_file)` - send content to standard output <--
command substitution removes trailing new line

My confusion was due to fact the I assumed since I produced the
content for `the_password` without new line characters I would consume
it as such..
It is in the retrospect I understand that in order to store password
on the first line one must indicate new line and store for further

If I would produce `the_password` via temporary file and insert
multi-line option: `echo -n 'the_password' >
/tmp/the_password_file.tmp && pass insert -m the_password_file <

That way `pass show the_password_file` would produce equal result as
`pass show --clip the_password_file` but this approach is heavily
restricted by the way how it was created.
In order to remove trailing new line one could use command
substitution:  `echo -n $(pass show the_password_file)` and for

So what I think I want is the way to output the password without
trailing new line to standard output exactly like `--clip`;
introducing new `--pipe` option along with `--clip` and `--qrcode`

Here is my proposed patch:

diff --git a/src/ b/src/
index 22e818f..bcc44cc 100755
--- a/src/
+++ b/src/
@@ -366,24 +366,25 @@ cmd_init() {

 cmd_show() {
-    local opts selected_line clip=0 qrcode=0
-    opts="$($GETOPT -o q::c:: -l qrcode::,clip:: -n "$PROGRAM" -- "$@")"
+    local opts selected_line clip=0 qrcode=0 pipe=0
+    opts="$($GETOPT -o q::c::p:: -l qrcode::,clip::,pipe:: -n
"$PROGRAM" -- "$@")"
     local err=$?
     eval set -- "$opts"
     while true; do case $1 in
         -q|--qrcode) qrcode=1; selected_line="${2:-1}"; shift 2 ;;
         -c|--clip) clip=1; selected_line="${2:-1}"; shift 2 ;;
+        -p|--pipe) pipe=1; selected_line="${2:-1}"; shift 2 ;;
         --) shift; break ;;
     esac done

-    [[ $err -ne 0 || ( $qrcode -eq 1 && $clip -eq 1 ) ]] && die
"Usage: $PROGRAM $COMMAND [--clip[=line-number],-c[line-
[--qrcode[=line-number],-q[line-number]] [pass-name]"
+    [[ $err -ne 0 || ( $qrcode -eq 1 && $clip -eq 1 && $pipe -eq 1 )
]] && die "Usage: $PROGRAM $COMMAND
[--pipe[=line-number],-p[line-number]] [pass-name]"

     local pass
     local path="$1"
     local passfile="$PREFIX/$path.gpg"
     check_sneaky_paths "$path"
     if [[ -f $passfile ]]; then
-        if [[ $clip -eq 0 && $qrcode -eq 0 ]]; then
+        if [[ $clip -eq 0 && $qrcode -eq 0 && $pipe -eq 0 ]]; then
             pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $BASE64)" || exit $?
             echo "$pass" | $BASE64 -d
@@ -394,6 +395,8 @@ cmd_show() {
                 clip "$pass" "$path"
             elif [[ $qrcode -eq 1 ]]; then
                 qrcode "$pass" "$path"
+            elif [[ $pipe -eq 1 ]]; then
+                echo -n "$pass"
     elif [[ -d $PREFIX/$path ]]; then

More information about the Password-Store mailing list