gopasspw / gopass

The slightly more awesome standard unix password manager for teams
https://www.gopass.pw/
MIT License

Search the entire file #1545

Closed Brixy closed 4 years ago

Brixy commented 4 years ago
MacOS Catalina
gopass v.1.9.2

Sometimes it advisable to name a secret file according to a username/login.

Therefore, it would be great if gopass could search within all secret files. The ‘infrastructure’ for this probably already exists, e.g. for gopass audit.

I hope this has not been requested too often—could not find anything related.

Thank you!

dominikschulz commented 4 years ago

I'm sorry, but I don't understand what you're asking for.

Are you looking for something like gopass grep, about the gopassbridge lookup rules or something different?

Brixy commented 4 years ago

Thank you for your answer.

I had not found gopass grep as it is not mentioned in gopass -h. Maybe this is what I was thinking of.

> I don't understand what you're asking for.

Suppose you have a file secret.gpg with this content:

```
MyVerySecretPassword
login: Brixy
url: https://github.com/
```

It would be excellent if gopass could find/show this secret using gopass show -C Brixy. The search term is not part of the file name, but a term within the file contents.

AnomalRoil commented 4 years ago

This would require decrypting all the secrets to perform a search, it's not really meant to be done in that way.

Instead you can use the path of the secret to store that information, for example:

This is actually assumed as a fallback by the json bridge: https://github.com/gopasspw/gopass/blob/master/docs/setup.md#filling-in-passwords-from-browser

Now, if you don't want to have the username as part of the filename, because it's a secret, you'll have to use gopass grep, which decrypts all the files and tells you in which file it is. Since we are trying to reduce the number of flags, we probably won't add an option to copy the secret directly from gopass grep.
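The trade-off described in this comment, as an added example that is not part of the original thread or of gopass itself: a lookup by secret name only reads file paths and never touches gpg, while a term that exists only inside a secret's contents cannot be found that way. The store layout (`<store>/<path>.gpg`) and the function names `store_find`, `store_count` and `make_sample_store` are assumptions constructed for illustration.

```shell
# Added example: name-only lookup in a pass/gopass-style store.
# Assumption: each secret is a file <store>/<path>.gpg, so the secret's
# name (and any username placed in the path) is readable without a key.

# Print the names of all secrets whose path contains the term.
# No file is opened and gpg is never invoked.
store_find() {
    store=$1
    term=$2
    (cd "$store" && find . -type f -name '*.gpg') |
        sed -e 's|^\./||' -e 's|\.gpg$||' |
        grep -i -F -- "$term" |
        sort
}

# Number of files a content search would have to decrypt.
store_count() {
    find "$1" -type f -name '*.gpg' | wc -l | tr -d ' '
}

# Constructed sample store: empty placeholder files stand in for ciphertext.
make_sample_store() {
    d=$(mktemp -d)
    mkdir -p "$d/websites/github.com" "$d/websites/example.org"
    : > "$d/websites/github.com/Brixy.gpg"       # username kept in the path
    : > "$d/websites/github.com/other-user.gpg"
    : > "$d/websites/example.org/secret.gpg"     # username only inside the file
    printf '%s\n' "$d"
}

demo() {
    d=$(make_sample_store)
    echo "name matches for 'brixy':"
    store_find "$d" brixy
    echo "files a content search must decrypt: $(store_count "$d")"
    rm -rf "$d"
}
```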

Brixy commented 4 years ago

Thank you very much!

> This would require decrypting all the secrets to perform a search, it's not really meant to be done in that way.

OK! I thought this was rather easy to do because gopass audit decrypts all files, too.

This was rather a general suggestion. I use a file tree like you have shown above and can find anything using fd, fzf or gopass itself using fish shell’s autocomplete (which is terrific).

(In an emergency case one could easily store the .password-store/ folder in a .gpg file or e.g. in a gocryptfs drive.)

dominikschulz commented 4 years ago

It's not hard to do, but it takes a long time (depending on the number of secrets and your crypto setup) and it's very questionable security wise (thinking of e.g. exfiltrating secrets and such).

We started thinking about implementing a fully encrypted backend. There is a proof of concept, but I wouldn't recommend to use it, yet.

Brixy commented 4 years ago

Thanks for the detailed answers, guys.

I get your points. Please feel free to close this issue any time if my suggestion does not make sense (concerning security) for this project.

AnomalRoil commented 4 years ago

Closing since: