Submit Workflow: Pass-Client

[chrisgrieser]

Preflight

• [X] The Alfred team has invited me to submit this workflow.

The submitted workflow:

• [X] Was authored by me. ⓘ
• [X] Uses Workflow Configuration or has no user-facing settings. ⓘ
• [X] Does not have an auto-updater. ⓘ
• [X] Does not contain unsigned and non-notarised binaries. ⓘ
• [X] Does not download extra software. ⓘ
• [X] Uses keywords with more than one character. ⓘ
• [X] Has a descriptive About section. ⓘ
• [X] Has an icon of at least 256x256 px. ⓘ

Homepage

https://github.com/chrisgrieser/alfred-pass

Alfred Forum page

https://www.alfredforum.com/topic/20664-alfred-as-a-client-for-the-pass-cli/

Gallery page content

Setup

1. Setup pass with a GPG key. See the Pass Website for further information.

2. Configure pinentry-mac as your pinentry-program:

   [[ -d "$HOME/.gnupg" ]] || mkdir "$HOME/.gnupg"
   echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" > $HOME/.gnupg/gpg-agent.conf
   gpgconf --kill gpg-agent # restart the agent

Usage

Search your passwords via the keyword pw.

• ⏎: Copy password to the clipboard. If your search query does not find an entry, you can directly create a new entry by pressing ↵. You are then be prompted for a folder to place the new entry in. The password of the new entry is auto-generated based on your pass settings, or can be inserted from your clipboard.
• ⌘⏎: Edit entry in your Terminal, using the Terminal configured in your Alfred settings and your $EDITOR.
• ⌥⏎: Reveal .gpg file of the entry in Finder.
• ⌃⏎: Delete the entry.
• ⇧⏎: Show details of the entry. Select any one of them to copy the value to your clipboard.

Tags

password-manager

Test data

No response

Homebrew dependencies

• pass
• pinentry-mac

Bundled libraries

No response

[vitorgalvao]

Thank you. Will be live later today at https://alfred.app/workflows/chrisgrieser/pass/.

On another note, in the clear-copy script you have the following:

# INFO password clearing is implemented via this script rather than using pass' # built-in functionality because the built-in functionality requires using pass \# --clip which saves the password to in a non-transiently, meaning it is # readable in Alfred's clipboard history.

I’m not overly familiar with pass, but it’s worth noting Alfred respects org.nspasteboard.ConcealedType, which is a standard way of marking data as private in the clipboard. Apps which store sensitive data (e.g. 1Password) set that flag when copying sensitive information. That means the data will still be in your clipboard but won’t be saved. You can read more at http://nspasteboard.org. I mention it because you may want to submit a PR or discuss it with the pass developers. Note this does not delete data on a timer.

For your own reference, the 1Password workflow implements a simple way to save data that way from JXA.

[chrisgrieser]

yeah, I tried out different variations, and indeed, pass does not respect ConcealedType, which is why I went for that workaround. Good point on raising the info directly with the devs though