gopasspw / gopass
The slightly more awesome standard unix password manager for teams
Home Page: https://www.gopass.pw/
License: MIT License
When running gopass completion dmenu --type, dmenu is called by gopass and by default it displays entries horizontally. I'd like it to be displayed vertically and for that I would need to be able to call dmenu with custom arguments, for example dmenu -i -l 20 -p '>'.
We could maybe add a command line switch to specify arguments that would be passed to dmenu. For example gopass completion dmenu --type --extra-dmenu-args '-i -l 20 -p \'>\''.
In #89 we merged a PR that fixed some weird behaviour when deleting empty folders.
There are no integration tests for this as of this moment, but they can be easily added in the future.
pass generate foo/bar
pass generate foo/baz
pass rm -r foo/bar # errored before, shouldn't fail anymore
pass rm foo/baz
pass rm -r foo # errored before, shouldn't fail anymore
QR code generation for passwords; output on the console like here would be cool: https://www.npmjs.com/package/qrcode-console
When doing grep or show on OS X, using homebrew gpg2, I get this message:
You need a passphrase to unlock the secret key for
user: "Robert Sanders [email protected]"
4096-bit RSA key, ID 99999999, created 2015-01-25 (main key ID 55555555)
After that message, the correct output is printed. If doing "grep" I get one message per item scanned.
I have two PGP keys which can decrypt items in this repo. I'm not sure if that's a contributing factor.
This appears to suppress the message:
echo 'no-tty' >> ~/.gnupg/gpg.conf
However, I do not see that message when doing the same operations with pass so it should not be strictly necessary.
$ gopass --version
gopass 1.0.0 (8cae28cc 2017-02-03 12:10:47) go1.7.5
$ wc -l < ~/.password-store/.gpg-id
13
$ uname -a
Darwin ATL-RSANDERS-MAC.local 16.3.0 Darwin Kernel Version 16.3.0: Thu Nov 17 20:23:58 PST 2016; root:xnu-3789.31.2~1/RELEASE_X86_64 x86_64
$ gpg2 --version
gpg (GnuPG) 2.0.30
libgcrypt 1.7.6
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
1.0.2 was released last week. However, the version in Brew is still 1.0.1
brew tap justwatchcom/gopass
brew install gopass
$ gopass --version
gopass 1.0.1 (e3c63f0e 2017-03-27 21:23:02) go1.8
Fish shell autocomplete with gopass completion fish
Fish shell completion script already exists for pass here.
Is this feature something that the contributors/community would be interested in adding?
For example, adding symlinks in the root store pointing to the mounted stores so that pass mount/foo works just like gopass mount/foo (and so that other GUIs work with mounts).
The tree printed when running gopass gets quite huge when mounting multiple password stores that each contain several entries.
We may want to consider limiting the initial depth of the tree or try to otherwise collapse it a little by default.
pass search works the same as the documented pass find (at least I think that's what it does...)
Any chance you could support search as an alias to find?
@notandy and I just talked and we need this for i3 & dwm, etc...
pass uses gpg2 instead of gpg if it is available:
GPG_OPTS=( "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" )
GPG="gpg"
export GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null)}"
which gpg2 &>/dev/null && GPG="gpg2"
It looks like gopass always uses just gpg. IMHO it should also switch to gpg2 if it is available so it behaves exactly like pass.
I'd do a PR but unfortunately I'm not very familiar with Go (yet).
Add completion support for rofi. You would call rofi -dmenu with gopass completion rofi similarly to calling dmenu with gopass completion dmenu.
macOS doesn't have a /dev/shm directory so gopass falls back to ioutil.TempDir which will write plaintext to the disk. pass does a lot of work on darwin to avoid this.
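As an added example (not gopass's or pass's own code), one way a Go tool can refuse the silent disk fallback described in the issue above and keep the plaintext file private while it exists. The names pickTempBase, withSecretTemp and ErrDiskBacked are hypothetical, and the code assumes that an existing /dev/shm directory is RAM-backed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// ErrDiskBacked is returned when no RAM-backed directory exists and the
// caller has not opted in to writing plaintext to disk.
var ErrDiskBacked = errors.New("no RAM-backed temp dir; refusing to write plaintext to disk")

// pickTempBase returns the first candidate that exists and is a directory.
// Assumption: the candidates (e.g. /dev/shm) are RAM-backed when present.
// If none exists (as on macOS) it falls back to os.TempDir() and reports
// ramBacked=false so the caller can decide what to do.
func pickTempBase(ramCandidates []string) (base string, ramBacked bool) {
	for _, c := range ramCandidates {
		if fi, err := os.Stat(c); err == nil && fi.IsDir() {
			return c, true
		}
	}
	return os.TempDir(), false
}

// withSecretTemp writes plaintext to a 0600 file inside a fresh 0700
// directory, calls fn with the file path, and always cleans up afterwards.
func withSecretTemp(ramCandidates []string, allowDisk bool, plaintext []byte, fn func(path string) error) error {
	base, ram := pickTempBase(ramCandidates)
	if !ram && !allowDisk {
		return ErrDiskBacked
	}
	dir, err := os.MkdirTemp(base, "secret-edit-") // created with mode 0700
	if err != nil {
		return err
	}
	path := filepath.Join(dir, "secret.txt")
	defer func() {
		// Best-effort overwrite, then remove. Overwriting gives no guarantee
		// on disk-backed or journaling filesystems.
		if fi, err := os.Stat(path); err == nil {
			_ = os.WriteFile(path, make([]byte, fi.Size()), 0o600)
		}
		_ = os.RemoveAll(dir)
	}()
	if err := os.WriteFile(path, plaintext, 0o600); err != nil {
		return err
	}
	return fn(path)
}

func main() {
	// Constructed sample secret; on a host without /dev/shm this prints the error.
	err := withSecretTemp([]string{"/dev/shm"}, false, []byte("constructed-sample-secret\n"),
		func(p string) error {
			fmt.Println("plaintext available at", p)
			return nil
		})
	if err != nil {
		fmt.Println("error:", err)
	}
}
```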
New to gopass, just test driving it.
I've configured gpg-agent to start automatically in ~/.bash_profile:
[ -f ~/.gpg-agent-info ] && source ~/.gpg-agent-info
if [ -S "${GPG_AGENT_INFO%%:*}" ]; then
export GPG_AGENT_INFO
else
eval $( gpg-agent --daemon --write-env-file ~/.gpg-agent-info )
fi
$ cat ~/.gnupg/gpg-agent.conf
use-standard-socket
default-cache-ttl 28800
max-cache-ttl 86400
Tested the agent, and it works. If I do gpg -d path/to/some/encrypted/file repeatedly, I only need to enter the GPG pass once.
I've installed gopass and done gopass init:
$ gopass init
Please select a private Key for encryption:
[0] 0xXXXXXXXXXXXXXXXX - Florin Andrei <florin@XXXXXXXXXXXXXXXX>
Please enter the number of a key (0-0) [0]:
Password store initialized for: 0xXXXXXXXXXXXXXXXX - Florin Andrei <florin@XXXXXXXXXXXXXXX>
Please select a key for signing Git Commits
[0] 0xXXXXXXXXXXXXXXXX - Florin Andrei <florin@XXXXXXXXXXXXX>
Please enter the number of a key (0-0) [0]:
Initialized empty Git repository in /Users/XXXXXXXXXXXXX/.password-store/.git/
[master (root-commit) e0dcdef] Add current contents of password store.
2 files changed, 53 insertions(+)
create mode 100644 .gpg-id
create mode 100644 .gpg-keys/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[master d984775] Configure git repository for gpg file diff.
1 file changed, 1 insertion(+)
create mode 100644 .gitattributes
Git initialized
Then I've tried to insert some fake password, for testing:
$ gopass insert web/google.com
Enter password for web/google.com:
Failed to restore terminal: errno 0
Retype password for web/google.com:
Failed to restore terminal: errno 0
gopass: Encrypting web/google.com for these recipients:
- 0xXXXXXXXXXXXXXXXX - Florin Andrei <florin@XXXXXXXXXXXXXXXXXX>
Do you want to continue? [Y/n]:
gpg: XXXXXXXX: There is no assurance this key belongs to the named user
pub 4096R/XXXXXXXX 2016-07-25 Florin Andrei <florin@XXXXXXXXXXXXXX>
Primary key fingerprint: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
Subkey fingerprint: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
You need a passphrase to unlock the secret key for
user: "Florin Andrei <florin@XXXXXXXXXXXXXXXXX>"
4096-bit RSA key, ID XXXXXXXX, created 2016-07-25
gpg: problem with the agent - disabling agent use
error: gpg failed to sign the data
fatal: failed to write commit object
Error: failed to committ files to git: exit status 128
If I kill gpg-agent, and unset the GPG_AGENT_INFO variable (so basically disabling the GPG agent completely), then gopass works just fine, but of course it keeps nagging me about the GPG passphrase every time.
In pass, it is possible to use different keys to encrypt secrets by having multiple .gpg-id files in sub directories.
From pass manpage:
Contains the default gpg key identification used for encryption and decryption. Multiple gpg keys may be specified in this file, one per line. If this file exists in any sub directories, passwords inside those sub directories are encrypted using those keys. This should be set using the init command.
This seems not to be the case with gopass, is that correct?
What I did:
When using gopass insert in "read-from-stdin" mode the confirmation prompt may flood the terminal.
We must avoid interactive I/O if reading from STDIN.
(documentation bug)
Initialize a store with gopass init [email protected]
Add a secret gopass insert some/secret
Add a recipient gopass recipients add XXXXXXXX
Add another secret gopass insert some/othersecret
The first secret can be decrypted by the initial recipient. The second secret can be decrypted by both recipients.
How to mass-edit many secrets at once and add / remove recipients to / from all of them?
Could you guys please figure out who changes the name
Referred by cortex/gopass#31
Whenever I try to run gopass mount I get Error: Entry is not in the password store.
I already have a root store.
What are the steps to add a new store and mount?
I used gopass init --store test but I don't know what the value "test" is used for.
This might be related to #5
I found that I was getting the Error: No useable private keys found error and dug into the source and debugged and found what I believe is the issue. I have a key that has no expiration date.
In gpg.go:IsUseable, the following code would fail on the Before(time.Now()) check:
	if !k.ExpirationDate.IsZero() && k.ExpirationDate.Before(time.Now()) {
		return false
	}
I changed this to the following, and it works fine:
	if !k.ExpirationDate.IsZero() {
		if k.ExpirationDate.Before(time.Now()) {
			return false
		}
	}
I would have thought short-circuit eval would have come into effect here? I'm on go 1.6.
The install link for macOS states:
If you're a Homebrew maintainer by any chance, feel free to pull the formula into the main repo
That's not how it works. I've opened a thread about that on Brew's Community Discussion site...
http://discourse.brew.sh/t/missing-formula-gopass/618
...and I was told this:
We don't really do formulae requests. If you're interested: could you try and open a pull request? This document should help and we're happy to walk you through anything else.
This is the document they're talking about:
http://docs.brew.sh/How-To-Open-a-Homebrew-Pull-Request.html
So it looks like the process needs to be initiated from your side.
Hey guys!
gopass rm test
removes the record without asking to supply the pass-phrase for the GPG key. Is it expected behavior?
Thanks!
When you run pass -c <filename>, pass's behavior is to copy the first line of the file, allowing you to get the password easily while using the rest of the file in a freeform fashion. gopass seems to copy the whole contents of the file, which makes it hard to use multiple lines for things like login and URL.
I'm using a different email address with git and gopass. To work around #13 I need to change my email address in ~/.gitconfig. It would be cool to be able to specify an email address when creating a store or maybe use the email address from the selected gpg key.
As per #61 it's now possible to install gopass with homebrew and gnupg 2.1. This should probably be documented.
How to reproduce:
## The password store is a link to a dropbox folder
➤ ls -lad ~/.password-store/
drwx------@ 155 hobbeswalsh staff 5270 Feb 3 20:23 /Users/hobbeswalsh/.password-store/
## hiding names of passwords, but asserting that there are some
hobbeswalsh@mac:~
➤ pass | wc -l
208
## Gopass does not read the passwords
hobbeswalsh@mac:~
➤ gopass
gopass
hobbeswalsh@mac:~
➤ gopass fsck
Wrong permissions for file /Users/hobbeswalsh/.password-store: drwx------
Fixing permissions from -rwx------ to -rw-------
Store (/Users/hobbeswalsh/.password-store) OK
hobbeswalsh@mac:~
➤ gopass
failed to check dir /Users/hobbeswalsh/.password-store/.gpg-id: lstat /Users/hobbeswalsh/.password-store/.gpg-id: permission denied
failed to check dir /Users/hobbeswalsh/.password-store/.gpg-id: lstat /Users/hobbeswalsh/.password-store/.gpg-id: permission denied
Error: password-store is not initialized. Try 'gopass init'
## Uh, thanks for messing up all my permissions, gopass!
## Now `pass` doesn't work either.
➤ pass
Password Store
How to work around the problem:
## Let's remove the symlink and make ~/.password-store a real directory
➤ rm .password-store
hobbeswalsh@mac:~
➤ mkdir .password-store
hobbeswalsh@mac:~
➤ cp -pR ~/Dropbox/password-store/* .password-store/
hobbeswalsh@mac:~
➤ gopass
Error: password-store is not initialized. Try 'gopass init'
hobbeswalsh@mac:~
➤ gopass init
Please select a private Key for encryption:
[0] 0xFDD6CAAFE5114586 - Robin Walsh <[email protected]>
Please enter the number of a key (0-0) [0]:
Password store initialized for: 0xFDD6CAAFE5114586 - Robin Walsh <[email protected]>
Please select a key for signing Git Commits
[0] 0xFDD6CAAFE5114586 - Robin Walsh <[email protected]>
Please enter the number of a key (0-0) [0]:
Initialized empty Git repository in /Users/rwwalsh/.password-store/.git/
... lots of output...
## Now it works.
hobbeswalsh@mac:~
➤ gopass | wc -l ; pass | wc -l
209
208
Obviously it would be nice if we supported symlinks.
Since Windows seems to be supported since #14 it would be nice to also have Windows binaries.
This could be possibly connected to #55
Deleting an empty folder with gopass rm -r yields an error message, but deletes the folder.
$ pass edit test/test
...
$ pass rm test/test
Are you sure you would like to delete test/test? [y/N]: y
$ pass rm -r test
fatal: pathspec '/home/andy/.password-store/test' did not match any filesError: failed to add files to git: exit status 128
https://news.ycombinator.com/item?id=13552756
I'm pretty excited about this actually. Thank-you so much for your efforts. I've been using pass for awhile now, and I really love what it does, but it's a case where it feels 90% finished.
I have one desperate request; colour output as an option. Every time there is an update to pass (or I need to reinstall) I need to edit the file and change the options from " tree -C " to " tree -n "
This is a pain in the ass. I am visually impaired. The 'default' dark-blue that tree uses for directories is unreadable to me.
My two choices for dealing with this are to use DIRCOLORS or edit the pass executable. I'd prefer to not muck about with my environment settings. (as I do not normally see any colour output)
Anyway; awesome project!
This should be doable in the future with not that much refactoring.
I saw gopass on Hacker News and thought I would check it out. I actually plan on doing a PR for #4, but I have experienced an issue I want to raise here. Perhaps someone can expand further on this.
$ gopass insert world
Enter password for world:
Failed to restore terminal: errno 0
Retype password for world:
Failed to restore terminal: errno 0
gopass: Encrypting world for these recipients:
- 0xB058C2BF639F134B - Mike C (Hi) <[email protected]>
Do you want to continue? [Y/n]:
error: gpg failed to sign the data
fatal: failed to write commit object
Error: failed to committ files to git: exit status 128
$ gopass show world
hello
So I insert a secret and it seems to fail, but then I'm able to retrieve it. The secret is present in the .password-store as a .gpg file and is indeed encrypted. Any thoughts on the errors here?
Versions:
On my systems $HOME/.password-store is a symlink which works just fine with pass but not gopass.
While I see some similarities, what are the main differences?
It would be nice to be able to set options per-mount instead of only having them global. For example, autopush and autopull set to true on my local (root) store, but set to false on another mount.
Hey All,
Great work on the tool, have been experimenting with it a little bit but I was interested in one bit:
I found that I cannot init a store without having both my public and private key on the machine. Why does this not work with just my public key?
Since I can't open an issue at https://github.com/justwatchcom/homebrew-gopass, I am opening this here:
Would it be possible to also allow gnupg 21 as a dependency instead of gnupg 2 only?
Getting this whenever I use init and either select a key from the menu or enter in a long ID.
I'm pretty sure I have this public key locally as it is from my own private keypair.
Is there any way to get additional debugging details so I can determine what this means? (I.e. failure of the gpg binary, maybe something wrong with my key, etc.)
Thanks.
Gopass failed to open the following structure:
$ tree .password-store
.password-store
├── domain.tld
│ ├── account01.gpg
│ ├── account02.gpg
├── domain.tld.gpg
$ gopass
Failed to add file domain.tld to tree: File domain.tld exists
Some info about my environment
$ uname
Linux x86_64
$ gopass version
gopass 1.0.0 (8cae28cc 2017-02-02 15:45:17) go1.7.5
I haven't found a way to run gopass git commands in mounts.
When I try to add a new recipient, gopass fails like so:
❯ gopass recipients add ##REMOVED###
gpg.listKeys: /usr/local/bin/gpg [gpg --with-colons --with-fingerprint --fixed-list-mode --list-public-keys ##REMOVED###]
Do you want to add '##REMOVED###' as an recipient? [y/N]: y
On branch master
Your branch is up-to-date with 'origin/master'.
Changes not staged for commit:
modified: .gpg-id
no changes added to commit
Error: failed to committ files to git: exit status 1
When deleting an entry git add may fail - depending on the git version installed - unless the --all flag is provided to git.
Since this is the default location for config file according to freedesktop configuration specification:
https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
$XDG_CONFIG_HOME defines the base directory relative to which user specific configuration files should be stored. If $XDG_CONFIG_HOME is either not set or empty, a default equal to $HOME/.config should be used.
Trying to import lastpass credentials using lastpass2pass.rb from https://www.passwordstore.org/
gopass gets confused reading EOF when inserting. Probably because it asks for confirmation.
Trying to go ahead with the confirmation also didn't work for me using something like
cmd := exec.Command("gopass", "insert", "-f", fmt.Sprintf("%s/%s", "test", "username"))
cmd.Stdin = strings.NewReader(fmt.Sprintf("%s\n%s\nY\n", "password", "password"))
In the documentation in the Edit Config section, several options are shown but not explained. For example:
alwaystrust: false
autoimport: false
Documentation should explain all config keys
When I attempt to insert new entry I get the following errors:
Enter password for foo/bar:
Failed to restore terminal: errno 0
Retype password for foo/bar:
Failed to restore terminal: errno 0
gopass: Encrypting foo/bar for these recipients:
- 0x56333C1D33F8CE08 - foo bar ([email protected]) <[email protected]>
Do you want to continue? [Y/n]: y
You need a passphrase to unlock the secret key for
user: foo bar ([email protected]) <[email protected]>"
4096-bit RSA key, ID 33F8CE08, created 2017-02-13
error: gpg failed to sign the data
fatal: failed to write commit object
Error: failed to commit files to git: exit status 128
I tried https://www.justwatch.com/gopass/faq/
This did not help.
My .gitconfig and user definition for my key match as well.
cmd := exec.Command("git", "config", "--local", "user.signkey", sk)
must be
cmd := exec.Command("git", "config", "--local", "user.signingkey", sk)
Hi,
Gentoo and Arch inject custom LDFLAGS targeted for binutils-ld that will fail with the golang compiler, please rename the LDFLAGS variable in the Makefile to mitigate this.
Thanks :)
Actual:
gopass rm -f some/file
Are you sure you would like to recursively delete some/file? [y/N]: y
Error: Entry is not in the password store
Expected:
gopass rm -f some/file
Are you sure you would like to recursively delete some/file? [y/N]: y
Deleted some/file