mcrapet / plowshare

Command-line tool and engine for managing sharing websites
GNU General Public License v3.0

Add a Password Eval Option #25

Open noctuid opened 9 years ago

noctuid commented 9 years ago

It would be nice to have an option/flag that would take a command (e.g. a gpg command) to run and use the output as a password. This way the account password wouldn't show up in the process listing or in the shell history file. Since there are already two different options (-a and -b) for giving account information, it might be better to have a different syntax to specify that the password part is a command and not a string instead of adding 2+ extra options. Another possibility would be to only be able to specify a password command in the config file.

mcrapet commented 9 years ago

Hi,

For security aspects, I agree. We need to think about supporting any keystore to retrieve the password. For now it's plain text in the config file:

$ cat ~/.config/plowshare/plowshare.conf 
...
115/a=plowshare:xxx
2shared/b = plowshare@gmx.com:xxxx
...

This will not appear in shell history.

mcrapet commented 8 years ago

Hi, were you thinking about this kind of usage: https://www.passwordstore.org/

noctuid commented 8 years ago

I was thinking about being able to get the password from any command like with isync's PassCmd option. For example:

PassCmd "gpg2 -q --for-your-eyes-only --no-tty -d ~/.mailpass.gpg"

For isync, I'm just piping the output of a gpg command into awk to choose the correct password. That said, I do use pass and would be fine using it for this. Would there be a benefit to using pass specifically?
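A minimal sketch of the PassCmd-style behaviour requested in this thread, added as an example; it is not plowshare code and not part of any comment here. The `cmd:` prefix and both function names are hypothetical, and `printf` stands in for a gpg or pass command.

```shell
#!/bin/sh
# Added illustration, not plowshare code. The "cmd:" prefix and the function
# names are hypothetical; plowshare.conf itself only has "user:password".

# password_from_cmd COMMAND
# Run COMMAND and print the first line of its stdout (pass-style files keep
# the password on line 1). Non-zero status if it fails or prints nothing.
# COMMAND is executed by the shell, so the file that supplies it must be
# writable only by its owner.
# The body is a subshell "( )" so the variables stay local in plain POSIX sh.
password_from_cmd() (
    nl='
'
    # stderr is not captured, so gpg or pinentry errors still reach the user.
    out=$(sh -c "$1") || return 1
    out=${out%%"$nl"*}
    [ -n "$out" ] || return 2
    # printf is a shell builtin: the secret never lands in another process's argv.
    printf '%s\n' "$out"
)

# resolve_auth VALUE
# VALUE is "user:password" or the hypothetical "user:cmd:COMMAND".
# Prints "user:password" with any command already evaluated.
resolve_auth() (
    case $1 in
        *:*) ;;
        *) echo "resolve_auth: expected user:password" >&2; return 3 ;;
    esac
    user=${1%%:*}
    pass=${1#*:}
    case $pass in
        cmd:*) pass=$(password_from_cmd "${pass#cmd:}") || return $? ;;
    esac
    printf '%s:%s\n' "$user" "$pass"
)

# Constructed demo: printf stands in for something like
#   gpg2 -q --no-tty -d ~/.mailpass.gpg
# resolve_auth 'plowshare:cmd:printf "s3cret\nunused second line\n"'
```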

mcrapet commented 8 years ago

.mailpass.gpg is a (ciphered) text file containing credentials?

noctuid commented 8 years ago

Yes, in this case it would just contain the password.

mcrapet commented 8 years ago

What do you think of this: https://keybase.io/docs/kbfs

noctuid commented 8 years ago

Well, with the equivalent of PassCmd, it shouldn't matter how the file was encrypted. Are you suggesting some sort of integration that would only work with the keybase filesystem?

mcrapet commented 7 years ago

Note for me: don't use libgnome-keyring but libsecret. https://wiki.gnome.org/Projects/Libsecret