Like many I use pass for storing usernames and passwords. This gives me easy access to credentials in a secure manner.
I don't like the way that the metadata (i.e. filenames) are public, but that aside it is a robust tool I've been using for several years.
The last time I talked about
pass was when I talked about showing the age of my credentials, via the integrated
That then became a pass-plugin:
frodo ~ $ pass age 6 years ago GPGfirstname.lastname@example.org 6 years ago GPGemail@example.com.OLD.gpg .. 4 years, 8 months ago Domains/Domain.fi.gpg 4 years, 7 months ago Mobile/dna.fi.gpg .. 1 year, 3 months ago Websites/netlify.com.gpg 1 year ago Financial/ukko.fi.gpg 1 year ago Mobile/KiK.gpg 4 days ago Enfuce/sre.tst.gpg ..
Anyway today's work involved writing another plugin, named
env. I store my data in pass in a consistent form, each entry looks like this:
username: steve password: secrit site: http://example.com/login/blah/ # Extra data
The keys vary, sometimes I use "login", sometimes "username", other times "email", but I always label the fields in some way.
Recently I was working with some CLI tooling that wants to have a username/password specified and I patched it to read from the environment instead. Now I can run this:
$ pass env internal/cli/tool-name export username="steve" export password="secrit"
That's ideal, because now I can source that from within a shell:
$ source <(pass env internal/cli/tool-name) $ echo username steve
Or I could directly execute the tool I want:
$ pass env --exec=$HOME/ldap/ldap.py internal/cli/tool-name you are steve ..
TLDR: If you store your password entries in "
key: value" form you can process them to export
$KEY=$value, and that allows them to be used without copying and pasting into command-line arguments (e.g. "
~/ldap/ldap.py --username=steve --password=secrit")