Open noctuid opened 9 years ago
Hi,
For security aspects, I agree. We need to think about supporting any keystore to retrieve the password. For now it's plain text in the config file:
$ cat ~/.config/plowshare/plowshare.conf
...
115/a=plowshare:xxx
2shared/b = plowshare@gmx.com:xxxx
...
This will not appear in shell history.
Hi, were you thinking about this kind of usage: https://www.passwordstore.org/
I was thinking about being able to get the password from any command like with isync's PassCmd option. For example:
PassCmd "gpg2 -q --for-your-eyes-only --no-tty -d ~/.mailpass.gpg"
For isync, I'm just piping the output of a gpg command into awk to choose the correct password. That said, I do use pass and would be fine using it for this. Would there be a benefit to using pass specifically?
.mailpass.gpg is a (ciphered) text file containing credentials?
Yes, in this case it would just contain the password.
What do you think of this: https://keybase.io/docs/kbfs
Well with the equivalent of PassCmd, it shouldn't matter how the file was encrypted. Are you suggesting some sort of integration that would only work with the keybase filesystem?
Note for me: don't use libgnome-keyring but libsecret.
https://wiki.gnome.org/Projects/Libsecret
It would be nice to have an option/flag that would take a command (e.g. a gpg command) to run and use the output as a password. This way the account password wouldn't show up in the process listing or in the shell history file. Since there are already two different options (-a and -b) for giving account information, it might be better to have a different syntax to specify that the password part is a command and not a string instead of adding 2+ extra options. Another possibility would be to only be able to specify a password command in the config file.
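A sketch of the PassCmd-style resolution requested in this issue, added here as an example and not plowshare's own code. The `cmd:` marker and the `resolve_auth` function are hypothetical names chosen for illustration; the sample credentials are constructed.

```shell
#!/bin/sh
# Hypothetical syntax (an assumption, not an existing plowshare feature):
#   user:cmd:<command>  -> password is the first line printed by <command>
#   user:<text>         -> password is the literal text, as today
# A config entry could then read, using the gpg command quoted in the thread:
#   user:cmd:gpg2 -q --for-your-eyes-only --no-tty -d ~/.mailpass.gpg

# resolve_auth AUTH: print "user:password" on stdout, non-zero on failure.
# The body runs in a subshell ( ... ) so its variables never leak to the caller.
resolve_auth() (
    auth=$1
    case $auth in
        *:*) ;;
        *) echo "resolve_auth: expected user:password" >&2; return 2 ;;
    esac
    user=${auth%%:*}    # everything before the first colon
    rest=${auth#*:}     # everything after it (may itself contain colons)
    case $rest in
        cmd:*)
            # A failing helper must abort the login attempt rather than
            # silently produce an empty password.
            if ! out=$(sh -c "${rest#cmd:}"); then
                echo "resolve_auth: password command failed for $user" >&2
                return 1
            fi
            # Keep the first line only, so trailing notes in the decrypted
            # file are not treated as part of the password.
            first=$(printf '%s\n' "$out" | head -n 1)
            if [ -z "$first" ]; then
                echo "resolve_auth: password command printed nothing" >&2
                return 1
            fi
            printf '%s:%s\n' "$user" "$first"
            ;;
        *)
            printf '%s\n' "$auth"
            ;;
    esac
)

# Constructed demo: the secret comes from a command's output, so it is never
# typed as an argument. Capture the result in a variable, do not pass it on
# through another program's argv.
resolve_auth "demo:cmd:printf 'constructed-secret\n'"
```

Because the command string comes from the config file, that file needs to be writable only by its owner: anyone who can edit it can run commands as the user.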