From mahfuz.sust001 at gmail.com Thu Feb 8 09:56:16 2024
From: mahfuz.sust001 at gmail.com (Mahfuzur Rahman)
Date: Thu, 8 Feb 2024 10:56:16 +0100
Subject: PassBook: Cross platform GUI application for pass
Message-ID:

I have been using the pass for quite some time and I like it.
Previously, I was using 1Password, Bitwarden, and Keepass. But when I
got to know about it, I started using it as my daily tool.

I liked the GUI of 1Password and got used to it. That's why I wanted
to make something similar for pass and developed an Electron
application to support my pass integration with git.

Please have a look at it and share your valuable feedback. If
everything is okay then please add it to the compatible client
section, so others can use and share valuable feedback.
https://github.com/mahfuzsust/passbook

--
Regards,
Mahfuzur Rahman

From doug.hs at proton.me Thu Feb 8 11:26:41 2024
From: doug.hs at proton.me (Douglas Silva)
Date: Thu, 08 Feb 2024 11:26:41 +0000
Subject: PassBook: Cross platform GUI application for pass
In-Reply-To:
References:
Message-ID: <-SDMcD2LMS2P8Hmivpyx4llsYpChqrgMJaym-8Yg3U_Wwwun5LcS9E8xghtDrulFSSmc9Vx0-G4CBIltCgUgshf1ixUYWSrnTcayuQa8m_c=@proton.me>

Cool idea. I noticed that the "speakeasy" library you're using is
unmaintained and hasn't seen updates in almost a decade.

On Thursday, 8 February 2024 at 6:56 AM, Mahfuzur Rahman wrote:

> I have been using the pass for quite some time and I like it.
> Previously, I was using 1Password, Bitwarden, and Keepass. But when I
> got to know about it, I started using it as my daily tool.
>
> I liked the GUI of 1Password and got used to it. That's why I wanted
> to make something similar for pass and developed an Electron
> application to support my pass integration with git.
>
> Please have a look at it and share your valuable feedback. If
> everything is okay then please add it to the compatible client
> section, so others can use and share valuable feedback.
> https://github.com/mahfuzsust/passbook
>
> --
> Regards,
> Mahfuzur Rahman

From mahfuz.sust001 at gmail.com Thu Feb 8 12:51:02 2024
From: mahfuz.sust001 at gmail.com (Mahfuzur Rahman)
Date: Thu, 8 Feb 2024 13:51:02 +0100
Subject: PassBook: Cross platform GUI application for pass
In-Reply-To: <-SDMcD2LMS2P8Hmivpyx4llsYpChqrgMJaym-8Yg3U_Wwwun5LcS9E8xghtDrulFSSmc9Vx0-G4CBIltCgUgshf1ixUYWSrnTcayuQa8m_c=@proton.me>
References: <-SDMcD2LMS2P8Hmivpyx4llsYpChqrgMJaym-8Yg3U_Wwwun5LcS9E8xghtDrulFSSmc9Vx0-G4CBIltCgUgshf1ixUYWSrnTcayuQa8m_c=@proton.me>
Message-ID:

Thanks for your feedback. I have replaced the "speakeasy" library with
"otpauth" library and published the changes.

--
Regards,
Mahfuzur Rahman

On Thu, Feb 8, 2024 at 12:26 PM Douglas Silva wrote:
>
> Cool idea. I noticed that the "speakeasy" library you're using is unmaintained and hasn't seen updates in almost a decade.
>
>
> On Thursday, 8 February 2024 at 6:56 AM, Mahfuzur Rahman wrote:
>
> > I have been using the pass for quite some time and I like it.
> > Previously, I was using 1Password, Bitwarden, and Keepass. But when I
> > got to know about it, I started using it as my daily tool.
> >
> > I liked the GUI of 1Password and got used to it. That's why I wanted
> > to make something similar for pass and developed an Electron
> > application to support my pass integration with git.
> >
> > Please have a look at it and share your valuable feedback. If
> > everything is okay then please add it to the compatible client
> > section, so others can use and share valuable feedback.
> > https://github.com/mahfuzsust/passbook
> >
> > --
> > Regards,
> > Mahfuzur Rahman

From info at rjekker.nl Thu Feb 15 16:33:04 2024
From: info at rjekker.nl (Code Sensei (info))
Date: Thu, 15 Feb 2024 16:33:04 +0000
Subject: Patch: transient UI
Message-ID: <0C0E04A3-277C-4640-BE33-8DE66DD91DBA@rjekker.nl>

Add transient UI

This patch adds a lot of functionality to the emacs library to make it
more user-friendly (IMHO). It contains a bunch of things I've written to
make my life easier and to integrate better with emacs.

To create a nice menu interface, it takes advantage of the transient
library that has been recently added to emacs, but it will still work
when transient is not present.

There's a bunch of new functions for working with pass entries as well
(see below), all of which are exposed through the password-store-menu
function.

When editing pass entries with emacs directly (by simply visiting the
file instead of going through "pass edit"), a new major mode will make
sure to automatically commit changes to VC.

Here's a list of features I've added:

- New function password-store-menu that shows a transient interface
  exposing almost everything pass can do through one or two keypresses.
- When using the transient menu, we allow calling "pass generate" with
  -i, -f, -n switches and a customizable length
- New function password-store-view: open pass entry in view mode
- New function password-store-browse-and-copy: open URL and copy secret
- New function password-store-dired: open password-store-dir in dired
- New function password-store-visit: visit entry using current emacs for
  editing, without going through "pass edit"
- New functions password-store-pull, -push, -diff that call vc-pull,
  vc-push, vc-diff
- New function password-store-insert-multiline, that uses popup buffer
  to edit the new entry.
- New function password-store--completing-read-new-entry that asks for
  confirmation when you select an existing file. Used by
  password-store-insert as an analogue for the --force flag.
- Major mode password-store-edit-mode for gpg files in the password store.
Currently the only thing this does, is auto-commit to VC when saving. - Auto-commit can be disabled through custom setting - Call password-store-enable to setup keybinding for menu as well as major mode for editing password files - Customize keybinding Patch: transient UI --- contrib/emacs/password-store.el | 218 +++++++++++++++++++++++++++++++- 1 file changed, 216 insertions(+), 2 deletions(-) diff --git a/contrib/emacs/password-store.el b/contrib/emacs/password-store.el index c7cc991..53236b3 100644 --- a/contrib/emacs/password-store.el +++ b/contrib/emacs/password-store.el @@ -33,10 +33,18 @@ ;; https://www.passwordstore.org/ +;; To enable the standard behaviour, load this library and +;; call password-store-enable, like this: + +;; (require 'password-store) +;; (password-store-enable) + ;;; Code: (require 'with-editor) (require 'auth-source-pass) +(require 'vc) +(require 'epa) (defgroup password-store '() "Emacs mode for password-store. @@ -69,6 +77,18 @@ Don't forget to mention your Emacs and library versions."))) :group 'password-store :type 'string) +(defcustom password-store-edit-auto-commit t + "Automatically commit edited password files to version control." + :group 'password-store + :type 'boolean) + +(defcustom password-store-menu-key "C-c p" + "Key to bind to the password-store-menu command. + +This is used by the password-store-enable command." + :group 'password-store + :type 'key) + (defvar password-store-executable (executable-find "pass") "Pass executable.") @@ -82,7 +102,7 @@ Don't forget to mention your Emacs and library versions."))) This function just returns `password-store-time-before-clipboard-restore'. Kept for backward compatibility with other libraries." -password-store-time-before-clipboard-restore) + password-store-time-before-clipboard-restore) (make-obsolete 'password-store-timeout 'password-store-time-before-clipboard-restore "2.0.4") 
@@ -342,7 +362,7 @@ Separate multiple IDs with spaces." ;;;###autoload (defun password-store-insert (entry password) "Insert a new ENTRY containing PASSWORD." - (interactive (list (password-store--completing-read) + (interactive (list (password-store--completing-read-new-entry) (read-passwd "Password: " t))) (let* ((command (format "echo %s | %s insert -m -f %s" (shell-quote-argument password) 
@@ -354,6 +374,68 @@ Separate multiple IDs with spaces." (message "Cannot insert entry for %s" entry)) nil)) +;;;###autoload +(defun password-store-insert-multiline (entry) + (interactive (list (password-store--completing-read-new-entry))) + (when entry + (ignore-errors + (kill-buffer password-store--insert-buffer-name t)) + (let ((buffer (get-buffer-create password-store--insert-buffer-name))) + (message "%s ""Please insert text for new pass entry, then press `C-c C-c' to save, or `C-c C-k' to cancel.") + (with-current-buffer buffer + (password-store-insert-mode) + (setq-local password-store-new-entry entry)) + (pop-to-buffer buffer) + ""))) + +(defun password-store--insert-save () + (interactive) + (with-current-buffer (get-buffer password-store--insert-buffer-name) + (password-store-insert password-store-new-entry (buffer-string))) + (password-store--kill-insert-buffer t)) + +(defun password-store--commit-on-save () + (when password-store-edit-auto-commit + (when-let ((backend (vc-responsible-backend (password-store-dir) t))) + (let ((entry (password-store--file-to-entry (buffer-file-name)))) + (when (not (vc-registered (buffer-file-name))) + (vc-register)) + (vc-call-backend backend 'checkin (list buffer-file-name) + (format "Edit password for %s using Emacs" entry) nil))))) + +(define-derived-mode password-store-edit-mode text-mode "pass-edit" + "Major mode for editing password-store entries, which auto-commits changes." 
+ (add-hook 'after-save-hook 'password-store--commit-on-save nil t)) + +(defvar-keymap password-store-insert-mode-map + :parent text-mode-map + "C-c C-c" #'password-store--insert-save + "C-c C-k" #'password-store--kill-insert-buffer) + +(defun password-store--maybe-edit-mode () + "Start pass-edit mode, but only when we are in the password store" + (when (file-in-directory-p (buffer-file-name) (password-store-dir)) + (password-store-edit-mode))) + +(define-derived-mode password-store-insert-mode text-mode "pass-insert" + "Major mode for editing new password-store entries." + (setq buffer-offer-save nil)) + +(defun password-store--kill-insert-buffer (&optional force) + (interactive) + (when (or force + (yes-or-no-p "Cancel new pass entry?")) + (kill-buffer password-store--insert-buffer-name))) + +(defun password-store--completing-read-new-entry () + "Prompt for name of new pass entry, ask confirmation if it exists" + (let* + ((entry (password-store--completing-read)) + (exists (file-exists-p (password-store--entry-to-file entry)))) + (when (or (not exists) + (yes-or-no-p (format "Overwrite entry %s?" entry))) + entry))) + ;;;###autoload (defun password-store-generate (entry &optional password-length) "Generate a new password for ENTRY with PASSWORD-LENGTH. 
@@ -414,6 +496,138 @@ Default PASSWORD-LENGTH is `password-store-password-length'." (if url (browse-url url) (error "Field `%s' not found" password-store-url-field)))) +;;;###autoload +(defun password-store-view (entry) + "Show the contents of the selected password file ENTRY." + (interactive (list (password-store--completing-read))) + (view-file (password-store--entry-to-file entry))) + +;;;###autoload +(defun password-store-browse-and-copy (entry) + "Browse ENTRY using `password-store-url', and copy the secret to the kill ring." + (interactive (list (password-store--completing-read))) + (password-store-copy entry) + (password-store-url entry)) + +;;;###autoload +(defun password-store-dired () + "Open the password store directory in dired," + (interactive) + (dired (password-store-dir))) + +;;;###autoload +(defun password-store-visit (entry) + "Visit file for ENTRY," + (interactive (list (password-store--completing-read))) + (with-current-buffer + (find-file (password-store--entry-to-file entry)) + (password-store-edit-mode))) + +;;;###autoload +(defun password-store-pull () + (interactive) + (let ((default-directory (password-store-dir))) + (vc-pull))) + +;;;###autoload +(defun password-store-push () + (interactive) + (let ((default-directory (password-store-dir))) + (vc-push))) + +;;;###autoload +(defun password-store-diff () + (interactive) + (vc-dir (password-store-dir))) + +(when (require 'transient nil 'noerror) + (transient-define-suffix password-store--generate-run-transient + (entry &optional password-length) + "Generate a new password for ENTRY with PASSWORD-LENGTH. + +Default PASSWORD-LENGTH is `password-store-password-length'." 
+ (interactive (list (password-store--completing-read) + (and current-prefix-arg + (abs (prefix-numeric-value current-prefix-arg))))) + (let* ((transient-length-arg nil) + (args (dolist + ;; filter length out of the argument list + (arg (transient-args transient-current-command)) + (if (string-prefix-p "--" arg) + (push arg args) + (setq transient-length-arg arg))))) + (push entry args) + ;; for the value of length, prefix argument takes precedence over transient arg + (push (format "%s" + (or password-length transient-length-arg password-store-password-length)) args) + (apply #'password-store--run "generate" (nreverse args)))) + + (defun password-store--read-length (prompt initial-input history) + "Read a number for the password length, or return default if input empty." + (let ((input (transient--read-number-N prompt initial-input history nil))) + (if (string-equal input "") + (int-to-string password-store-password-length) + input))) + + (transient-define-infix password-store-generate:length () + "Password length: should always be set." + :argument "" + :key "l" + :prompt "Password length: " + :multi-value nil + :always-read t + :description "Length" + :class 'transient-option + :reader #'password-store--read-length) + + (transient-define-prefix password-store-generate-transient () + "Generate new password using transient" + :value `(nil nil nil ,(int-to-string password-store-password-length)) + [ + ("i" "In place" "--in-place") + ("f" "Force overwrite" "--force") + ("n" "No symbols" "--no-symbols") + (password-store-generate:length) + ("g" "Generate" password-store--generate-run-transient)]) + + (defconst password-store--insert-buffer-name "*password-store-insert*") + + (transient-define-prefix password-store-menu () + "Entry point for password store actions." 
+ ["Password Entry" + ["Use" + ("b" "Browse" password-store-url) + ("c" "Copy Secret" password-store-copy) + ("f" "Copy Field" password-store-copy-field) + ("o" "Browse and copy" password-store-browse-and-copy) + ("v" "View" password-store-view) + ] + ["Change" + ("D" "Delete" password-store-remove) + ("e" "Edit (visit file)" password-store-visit) + ("E" "Edit (pass command)" password-store-edit) + ("i" "Insert password" password-store-insert) + ("I" "Insert multiline" password-store-insert-multiline) + ("g" "generate" password-store-generate-transient :transient transient--do-exit) + ("r" "Rename" password-store-rename) + ] + ["VC" :if (lambda () (vc-responsible-backend (password-store-dir) t)) + ("=" "Diff" password-store-diff) + ("p" "Pull" password-store-pull) + ("P" "Push" password-store-push) + ] + ["Store" + ("d" "Dired" password-store-dired) + ]] + [("!" "Clear secret from kill ring" password-store-clear) + ] + )) + +(defun password-store-enable () + "Run this to setup auto-mode-alist and keybinding for password-store." + (interactive) + (add-to-list 'auto-mode-alist (cons epa-file-name-regexp 'password-store--maybe-edit-mode)) + (define-key global-map (kbd password-store-menu-key) #'password-store-menu)) (provide 'password-store) -- 2.43.0 From guru at unixarea.de Sat Feb 24 11:10:25 2024 
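Review bot: In the `@@ -69,6 +77,18 @@` hunk, `:type 'key` on `password-store-menu-key` is a customization type that only exists from Emacs 29, and `defvar-keymap` in the `@@ -354,6 +374,68 @@` hunk has the same minimum version, so the unconditional part of the file no longer loads on older releases even though the transient code is guarded. Either state the required Emacs version in the file header or use `:type 'string` (the value is passed through `kbd` anyway) and `defvar` plus `define-key` for the keymap.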
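Review bot: In the `@@ -342,7 +362,7 @@` hunk, `password-store--completing-read-new-entry` returns nil when the user answers no to the overwrite prompt, but the `interactive` form of `password-store-insert` still goes on to `read-passwd` and then runs the body with ENTRY nil. Signal a `user-error` from the helper when the overwrite is declined, or check ENTRY before asking for the password, as `password-store-insert-multiline` does with `(when entry ...)`.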
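Review bot: In `password-store-insert-multiline` (hunk `@@ -354,6 +374,68 @@`), `(kill-buffer password-store--insert-buffer-name t)` passes two arguments to `kill-buffer`, which accepts one; `ignore-errors` hides the resulting error, so an existing insert buffer is never killed and `get-buffer-create` hands it back with whatever text it still holds. Drop the `t` and erase the buffer before popping to it. In the same hunk `password-store--insert-save` passes `(buffer-string)` to `password-store-insert`, whose context line formats the secret into an `echo %s | %s insert -m -f %s` command string, so a whole multi-line entry ends up in a shell command line; sending it to the process on stdin would avoid that. The new functions in this hunk also lack docstrings.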
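Review bot: In `password-store--generate-run-transient` (hunk `@@ -414,6 +496,138 @@`), the `let*` initialiser for `args` calls `(push arg args)` before `args` is bound, and the `dolist` has no result form so it evaluates to nil in any case; selecting `--in-place`, `--force` or `--no-symbols` either signals a void-variable error or the switches never reach `pass generate`. Bind `args` to nil first and run the `dolist` in the body of the `let*`. The length reader also relies on `transient--read-number-N`, a double-dash internal of transient that may change without notice.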
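Review bot: `password-store--insert-buffer-name` is defined with `defconst` inside the `(when (require 'transient nil 'noerror) ...)` block near the end of the `@@ -414,6 +496,138 @@` hunk, yet `password-store-insert-multiline`, `password-store--insert-save` and `password-store--kill-insert-buffer` use it and are defined unconditionally. Without transient those commands hit a void variable, which contradicts the stated goal of still working when transient is absent; move the `defconst` to top level, above its first use. In the same hunk `password-store-diff` calls `vc-dir` although the description says it calls `vc-diff`, and `password-store-pull`, `-push` and `-diff` have no docstrings.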
From: guru at unixarea.de (Matthias Apitz)
Date: Sat, 24 Feb 2024 12:10:25 +0100
Subject: using a second OpenPGP card
Message-ID:

Hello,

I hope I'm right here with my question...

I do use password-store for some years together with an OpenPGP card in
my Linux cellphone (Purism L5) with a tree of some 300 credentials. I
acquired a second OpenPGP card and will set it up in my second L5 and
want to use the same credential there by just copy over the
~/.password-store with SCP from one L5 to the other.

I read in the man page pass(1) that when I run

$ pass init 2nd-openpgp-key

it will detect that the new key differs from the old one (stored in
~/.password-store/.gpg-id) and will reencrypt all files with the new
key.

This is the point which raises questions in me:

1)
pass (i.e. gnupg) for sure can't decrypt the files, because the
first key sits in the other phone. What means 'reencrypt' exactly? How
does this work?

2)
After having done this 'reencrypt' of the tree in phone 2, can I SCP
back the tree to the phone 1 and use it there?

Thanks in advance for enlighten me a bit and overall thanks for this
perfect tool.

matthias

--
Matthias Apitz, ? guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

From mortenkjarulff at gmail.com Sat Feb 24 16:44:11 2024
From: mortenkjarulff at gmail.com (Morten Kjærulff)
Date: Sat, 24 Feb 2024 17:44:11 +0100
Subject: using a second OpenPGP card
In-Reply-To:
References:
Message-ID:

Hi.

Not sure exactly how, but you should be able to init your store for
both keys. You can then copy both from old to new and new to old. You
can also sync via a git repo.

/Morten
--
I'm a happy dreamer
I believe in love

On Sat, Feb 24, 2024 at 3:52 PM Morten Kjærulff wrote:
>
> Hi.
>
> Not sure exactly how, but you should be able to init you store for both keys. You can then copy both from old to new and new to old. You can also sync via a git repo.
>
> /Morten
> --
> I'm a happy dreamer
> I believe in love
>
> On Sat, Feb 24, 2024, 12:37 Matthias Apitz wrote:
>>
>>
>> Hello,
>>
>> I hope I'm right here with my question...
>>
>> I do use password-store for some years together with an OpenPGP card in
>> my Linux cellphone (Purism L5) with a tree of some 300 credentials. I
>> acquired a second OpenPGP card and will set it up in my second L5 and
>> want to use the same credential there by just copy over the
>> ~/.password-store with SCP from one L5 to the other.
>>
>> I read in the man page pass(1) that when I run
>>
>> $ pass init 2nd-openpgp-key
>>
>> it will detect that the new key differs from the old one (stored in
>> ~/.password-store/.gpg-id) and will reencrypt all files with the new
>> key.
>>
>> This is the point which raises questions in me:
>>
>> 1)
>> pass (i.e. gnupg) for sure can't decrypt the files, because the
>> first key sits in the other phone. What means 'reencrypt' exactly? How
>> does this work?
>>
>> 2)
>> After having done this 'reencrypt' of the tree in phone 2, can I SCP
>> back the tree to the phone 1 and use it there?
>>
>> Thanks in advance for enlighten me a bit and overall thanks for this
>> perfect tool.
>>
>> matthias
>>
>> --
>> Matthias Apitz, ? guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
>> Public GnuPG key: http://www.unixarea.de/key.pub

From guru at unixarea.de Mon Feb 26 10:34:15 2024
From: guru at unixarea.de (Matthias Apitz)
Date: Mon, 26 Feb 2024 11:34:15 +0100
Subject: using a second OpenPGP card
In-Reply-To:
References:
Message-ID:

On Saturday, February 24, 2024 at 05:44:11 +0100, Morten Kjærulff wrote:

> Hi.
>
> Not sure exactly how, but you should be able to init your store for
> both keys. You can then copy both from old to new and new to old. You
> can also sync via a git repo.

I have here an example file of an entry 'test' in my .password-storage:

purism at pureos:~$ pass test
┌──────────────────────────────────────────────┐
│ Please unlock the card                       │
│                                              │
│ Number: 0005 0000A6FE                        │
│ Holder: Matthias Apitz                       │
│                                              │
│ PIN ________________________________________ │
│                                              │
│                                              │
└──────────────────────────────────────────────┘
secret

purism at pureos:~$ file .password-store/test.gpg
.password-store/test.gpg: PGP RSA encrypted session key - keyid: 39BDCE02 5E4698B6 RSA (Encrypt or Sign) 2048b .

purism at pureos:~$ gpg -da .password-store/test.gpg
┌──────────────────────────────────────────────┐
│ Please unlock the card                       │
│                                              │
│ Number: 0005 0000A6FE                        │
│ Holder: Matthias Apitz                       │
│                                              │
│ PIN ________________________________________ │
│                                              │
│                                              │
└──────────────────────────────────────────────┘
gpg: encrypted with 2048-bit RSA key, ID 39BDCE025E4698B6, created 2021-10-30
      "Matthias Apitz (GnuPG CCID L5) "
secret

Said/showed that, I can't imagine that, when I SCP the file
.password-store/test.gpg to another system with another OpenPGP card,
that this system would be able to decrypt the file and reencrypt it
again with the second card.

matthias

--
Matthias Apitz, ? guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia.

From peiriannydd at gmail.com Tue Feb 27 14:18:18 2024
From: peiriannydd at gmail.com (Trevor Vaughan)
Date: Tue, 27 Feb 2024 09:18:18 -0500
Subject: Pass support as a GitLab CI password store - Issue Open
Message-ID:

Hi All,

Was poking around the GitLab tickets and found this ticket. Thought
others might be interested.

If you are, throw on a thumbs up for awareness.

https://gitlab.com/gitlab-org/gitlab-runner/-/issues/37391

Trevor

--
** ????????BA **

From ah at fita.dev Wed Feb 28 14:40:24 2024
From: ah at fita.dev (Adrien Horgnies)
Date: Wed, 28 Feb 2024 15:40:24 +0100
Subject: Get field value for command show and option -c
Message-ID:

Hi,

The website https://www.passwordstore.org/ suggests to organize data like this:

> Yw|ZSNH!}z"6{ym9pI
> URL: *.amazon.com/*
> Username: AmazonianChicken at example.com
> Secret Question 1: What is your childhood best friend's most bizarre superhero fantasy? Oh god, Amazon, it's too awful to say...
> Phone Support PIN #: 84719

However, it's impractical to use if you want to copy any information there,
as you only need the thing on the right side of the colon.

I'd like to suggest the following feature for the command "show" and
option "-c":
- A non-numerical value is treated as a field key to search for
- Instead of copy / qrencode the full line, it processes the value
  next to the key

Here's how it would work:

```console
$ pass foo
foo
user: bar
pin: 1234
stuff: spam
$ pass -cuser foo && wl-paste
Copied foo to clipboard. Will clear in 45 seconds.
bar
$ pass -cpin foo && wl-paste
Copied foo to clipboard. Will clear in 45 seconds.
1234
```

Here's a simple implementation. It's missing documentation and tests.
I'll add them if you deem the patch interesting.
Also, would it need anything else? I guess making the separator ": "
customizable would be of interest as well.

Best regards,
Adrien Horgnies

>From 58f4e1206dfabb61a0983b3514376d2893655f77 Mon Sep 17 00:00:00 2001
From: Adrien Horgnies Date: Wed, 28 Feb 2024 15:00:05 +0100 Subject: [PATCH] Get field value for command show and option -c Treat lines with colon and space ": " as a field with a key and a value. The left side of the first ": " is considered a field key. The right side of the first ": " is considered a field value. Using the option -c with a non-numerical argument doesn't fail anymore. Instead it treats the argument as a field key. And it gets you the value without the key. Or an error if the key doesn't match anything or the value is empty. --- src/password-store.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/password-store.sh b/src/password-store.sh index 22e818f..e0f6e3a 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -387,9 +387,13 @@ cmd_show() { pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $BASE64)" || exit $? echo "$pass" | $BASE64 -d else - [[ $selected_line =~ ^[0-9]+$ ]] || die "Clip location '$selected_line' is not a number." - pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +${selected_line} | head -n 1)" || exit $? - [[ -n $pass ]] || die "There is no password to put on the clipboard at line ${selected_line}." + if [[ $selected_line =~ ^[0-9]+$ ]]; then + pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +${selected_line} | head -n 1)" || exit $? + [[ -n $pass ]] || die "There is no password to put on the clipboard at line ${selected_line}." + else + pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep -Pom1 "${selected_line}: \K.*" /dev/stdin)" + [[ -n $pass ]] || die "There is no password to put on the clipboard associated with field ${selected_line}." + fi if [[ $clip -eq 1 ]]; then clip "$pass" "$path" elif [[ $qrcode -eq 1 ]]; then -- 2.34.1 From axs at sdf.org Wed Feb 28 17:25:32 2024 
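Review bot: In the new `else` branch of `cmd_show` (hunk `@@ -387,9 +387,13 @@`), `grep -Pom1 "${selected_line}: \K.*"` uses the `-c` argument as an unanchored, unescaped PCRE, so `-cuser` also matches a line such as `Superuser: ...` or text on the password line itself, and a key containing `.`, `*` or `(` is interpreted as a pattern instead of literal text. Anchor the key at the start of the line, compare it literally (an awk string comparison on the text before the first `: ` does this) and skip line 1, which holds the password. `-P` is a GNU grep extension, so this branch fails where grep is built without PCRE support, and the trailing `/dev/stdin` is redundant when grep already reads the pipe.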
From: axs at sdf.org (Andrew Stryker)
Date: Wed, 28 Feb 2024 09:25:32 -0800
Subject: Get field value for command show and option -c
In-Reply-To:
References:
Message-ID:

Adrien Horgnies wrote on 2024-Feb-28:
> Hi,
>
> The website https://www.passwordstore.org/ suggests to organize data like this:
>
> > Yw|ZSNH!}z"6{ym9pI
> > URL: *.amazon.com/*
> > Username: AmazonianChicken at example.com
> > Secret Question 1: What is your childhood best friend's most bizarre superhero fantasy? Oh god, Amazon, it's too awful to say...
> > Phone Support PIN #: 84719

The perspective of the maintainer is that this pattern is a suggested
convention. The only hard requirement is that the actual password is on
the first line of the file.

> However, it's impractical to use if you want to copy any information there,
> as you only need the thing on the right side of the colon.
>
> I'd like to suggest the following feature for the command "show" and
> option "-c":
> - A non-numerical value is treated as a field key to search for
> - Instead of copy / qrencode the full line, it processes the value
>   next to the key
>
> Here's how it would work:
>
> ```console
> $ pass foo
> foo
> user: bar
> pin: 1234
> stuff: spam
> $ pass -cuser foo && wl-paste
> Copied foo to clipboard. Will clear in 45 seconds.
> bar
> $ pass -cpin foo && wl-paste
> Copied foo to clipboard. Will clear in 45 seconds.
> 1234
> ```

I typically do something like:

    pass foo | awk '/^bar:/ { print $2 }' | xsel -b

or

    secret=$(pass foo | awk '/^bar:/ { print $2 }')

if I am in a script.

There are a few trade-offs here. Your proposal increases the complexity
of the file structure, the user interface, and the code base. Not by a
lot, but every command and requirement adds to the amount a user needs
to know in order to effectively use the application. Every line
increases the effort required to maintain the code.

The benefit is that you make a use pattern easier. There are already
ways to accomplish the intended effect. Your approach trades additional
complexity for user simplicity. Making the process for managing secret
information easier is a huge benefit. The question becomes, is this use
case prevalent enough to warrant your proposal?

Have you considered making this a pass extension? Pass supports third
party extensions (e.g., https://github.com/tadfisher/pass-otp). The
drawback is that you would not be able to directly extend the "show"
command in a logical way, which your proposal does.

I suggest coding your approach as an extension:

1. The maintainer (Jason) is very inactive. I have not seen him post
   to this list in quite some time. Getting your proposal accepted and
   merged requires his participation or forking the project.

2. The case that the benefit outweighs the cost is not entirely clear.
   Maybe yes, maybe no from my perspective. Making a strong argument
   here will be hard.

3. Following the extension pattern should be possible. And if it is a
   popular extension, then you will have a strong case for moving it to
   the core.

I hope you find this useful. Best of luck.

Andrew

From ah at fita.dev Wed Feb 28 17:49:38 2024
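An added example, not code from the thread or from pass: a POSIX shell helper that does the field lookup discussed above outside of pass, reading the decrypted entry on stdin. It goes a little beyond the one-liners in the thread by comparing the key literally, splitting only on the first ": " and never treating the password line as a field; the names `field_value`, `FIELD_KEY` and `SAMPLE_ENTRY` and the sample entry itself are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pick one "Key: value" field out of a
# decrypted pass entry that arrives on stdin, e.g.  pass show foo | field_value user

# Constructed sample entry in the layout quoted from passwordstore.org.
# Line 1 stands in for the password and deliberately looks like a field.
SAMPLE_ENTRY='user: not-a-field
Superuser: root
user: bar
Secret Question 1: first pet name
Phone Support PIN #: 84719
note: '

# field_value KEY   (hypothetical helper name)
# Prints the value of the first line, after line 1, whose text before the
# first ": " is exactly KEY. Exits 1 when there is no such field or when its
# value is empty, so callers never copy an empty string by accident.
field_value() {
    # The key travels through the environment, so awk neither interprets
    # backslashes in it nor treats it as a regular expression.
    FIELD_KEY=$1 awk '
        NR == 1 { next }                  # line 1 is the password, never a field
        {
            sep = index($0, ": ")         # split on the first ": " only
            if (sep > 0 && substr($0, 1, sep - 1) == ENVIRON["FIELD_KEY"]) {
                value = substr($0, sep + 2)   # keeps spaces inside the value
                found = 1
                exit                      # first match wins; control moves to END
            }
        }
        END {
            if (!found || value == "") exit 1
            print value
        }
    '
}

# Small demonstration on the constructed entry.
for key in user "Secret Question 1" ".ser" note; do
    if value=$(printf '%s\n' "$SAMPLE_ENTRY" | field_value "$key"); then
        printf '%s -> %s\n' "$key" "$value"
    else
        printf '%s -> (no such field or empty value)\n' "$key"
    fi
done
```

The helper only selects text; clearing the clipboard after a timeout remains the caller's job when the result is piped to a clipboard tool.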
From: ah at fita.dev (Adrien Horgnies)
Date: Wed, 28 Feb 2024 18:49:38 +0100
Subject: Get field value for command show and option -c
In-Reply-To:
References:
Message-ID:

Hi,

You can certainly handle selecting part of your password-store entry
outside password-store. But then you need to handle clearing the
clipboard yourself. Furthermore, I much prefer calling `pass -cuser foo`
than `pass foo | yq .foo | wl-copy`.

While the current code doesn't enforce any file format, I think it's
impractical to use with any file format. But you did bring to my
attention that it would be better to keep password-store file format
agnostic.

Thus, to achieve the same purpose, I propose the patch below instead.
The idea is to introduce an extension point that lets the user specify
whatever he wants to parse the entry.

Damien would be able to do:

$ export PASSWORD_STORE_CONTENT_SELECTOR=yq
$ pass -c.user foo

And I would be able to do something similar with my own script.

I'll look more into the extensions, but I felt like it wouldn't be well
integrated.

Thanks for the feedback,
Adrien Horgnies

>From c50b60f506de281f2fa830e03d815d6825b549c8 Mon Sep 17 00:00:00 2001 From: Adrien Horgnies Date: Wed, 28 Feb 2024 17:52:13 +0100 Subject: [PATCH] Add ability to customize how show selects content When using options -c or -q, the argument value is assumed to be a line number. And the given line is copied or QR encoded. With the environment variable PASSWORD_STORE_CONTENT_SELECTOR, the user is now able customize what part of the password store entry is selected. PASSWORD_STORE_CONTENT_SELECTOR must be an executable command. The whole entry is given through stdin. The value of -c and -q are passed as argument $1. And stdout is copied or QR encoded. --- src/password-store.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/password-store.sh b/src/password-store.sh index 22e818f..e8c7a79 100755 --- a/src/password-store.sh +++ b/src/password-store.sh
@@ -19,6 +19,7 @@ CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}" GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}" CHARACTER_SET="${PASSWORD_STORE_CHARACTER_SET:-[:punct:][:alnum:]}" CHARACTER_SET_NO_SYMBOLS="${PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS:-[:alnum:]}" +CONTENT_SELECTOR="${PASSWORD_STORE_CONTENT_SELECTOR}" unset GIT_DIR GIT_WORK_TREE GIT_NAMESPACE GIT_INDEX_FILE GIT_INDEX_VERSION GIT_OBJECT_DIRECTORY GIT_COMMON_DIR export GIT_CEILING_DIRECTORIES="$PREFIX/.." @@ -387,9 +388,14 @@ cmd_show() { pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $BASE64)" || exit $? echo "$pass" | $BASE64 -d else - [[ $selected_line =~ ^[0-9]+$ ]] || die "Clip location '$selected_line' is not a number." - pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +${selected_line} | head -n 1)" || exit $? - [[ -n $pass ]] || die "There is no password to put on the clipboard at line ${selected_line}." + if [[ -n "$CONTENT_SELECTOR" ]]; then + pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $CONTENT_SELECTOR "${selected_line}")" || exit $? + [[ -n $pass ]] || die "There is no password to put on the clipboard with key ${selected_line}." + else + [[ $selected_line =~ ^[0-9]+$ ]] || die "Clip location '$selected_line' is not a number." + pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +${selected_line} | head -n 1)" || exit $? + [[ -n $pass ]] || die "There is no password to put on the clipboard at line ${selected_line}." + fi if [[ $clip -eq 1 ]]; then clip "$pass" "$path" elif [[ $qrcode -eq 1 ]]; then -- 2.34.1 From morus at missing.bike Thu Feb 29 23:14:51 2024 
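Review bot: `PASSWORD_STORE_CONTENT_SELECTOR` is introduced in the `@@ -19,6 +19,7 @@` hunk, but the patch touches only `src/password-store.sh`, so the variable is undocumented. It needs an entry next to the other `PASSWORD_STORE_*` variables in pass(1) that states the contract from the commit message: the command receives the whole decrypted entry on stdin, the `-c`/`-q` value as `$1`, and its stdout is what gets copied or QR encoded.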
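Review bot: In `cmd_show` (hunk `@@ -387,9 +388,14 @@`), once `CONTENT_SELECTOR` is set the numeric branch is unreachable, so `pass -c2 foo` hands `2` to the selector instead of selecting line 2, which changes existing behaviour for anyone who exports the variable. Test `$selected_line` against `^[0-9]+$` first and call the selector only for non-numeric values. `$CONTENT_SELECTOR "${selected_line}"` also expands the variable unquoted, so its value is word-split and glob-expanded before it runs; quote it, or document that arguments inside the variable are intended. Unless `pipefail` is set, the `|| exit $?` sees only the selector's status, so a failed `$GPG -d` surfaces as the "There is no password" message.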
From: morus at missing.bike (morus)
Date: Thu, 29 Feb 2024 23:14:51 +0000
Subject: pass-zenity: simple gtk extension
Message-ID:

Hi list.

I hacked together a GUI script and wanted to share. Links at the bottom.

It's mostly trivial, modeled after the venerable `passmenu`, the dmenu
script you can find bundled with the source code of pass. You'd run it,
probably with a keybind, pick a password name with a fuzzy search, and
it'd copy it to clipboard (same as `pass -c`) or autotype it for you
(with xdotool). That probably still works fine - I wouldn't know, I
don't use dmenu. I've been using a similar fzf(1) based solution.

So pass-zenity is just that, but it uses a zenity dialog (so simple GTK
popup) instead of dmenu, and it's a pass extension instead of a script.
The motivations were as follows:

1. Have something that looks mostly native between GNOME, Phosh, and
   whatever other setups out of the box: zenity is GTK and a GNOME
   project, so that does it.
2. Have something usable on mobile (got myself a pinephone): I bundle a
   .desktop file to this end.
3. Have OTP support: internals outsourced to the pass-otp extension,
   trivial to implement `--otp` option works as expected.
4. pass extension over a standalone script, to dodge some $PATH
   pollution and play nicely with multiple pass executables /
   implementations (made up use case). Fits nicely in
   ~/.password-store/.extensions for git syncing too.
5. Still be lightweight: just bash, pass, zenity. Autotyping with
   xdotool, ydotool, or wtype; improved logic for inferring one of these
   to use.

So I've been using it over the past two months and sporadically whipping
it into something hopefully anyone can use, with error messages and
documentation (manpage). I'm somewhat confident in it by now, but I'd
like some real scrutiny before I call it a stable release.

If it seems like something you'd enjoy, please take a look and send
feedback - or code. I'd like some tests, but I don't know how to write
them. For documentation, I run the manpage through aspell(1) and compare
with that one table in man-pages(7), but that's it, so feel free to step
in there too.

Git repo on codeberg: https://codeberg.org/morus/pass-zenity/
and on my website (stagit): https://menhera.hair/git/pass-zenity/

--
A24D 338A 80EA 7222 E06F AED9 365E E44F 7671 1D9B