Add a Password Eval Option

[noctuid]

It would be nice to have an option/flag that would take a command (e.g. a gpg command) to run and use the output as a password. This way the account password wouldn't show up in the process listing or in the shell history file. Since there are already two different options (-a and -b) for giving account information, it might be better to have a different syntax to specify that the password part is a command and not a string instead of adding 2+ extra options. Another possibility would be to only be able to specify a password command in the config file.

[mcrapet]

Hi,

For security aspects, I agree. We need to think about supported any keystore to retrieve password.
For now it's plain text in the config file:

$ cat ~/.config/plowshare/plowshare.conf 
...
115/a=plowshare:xxx
2shared/b = plowshare@gmx.com:xxxx
...

This will not appear in shell history.

[mcrapet]

Hi,
Were you thinking about this kind of usage: https://www.passwordstore.org/

[noctuid]

I was thinking about being able to get the password from any command like with isync's PassCmd option. For example:

PassCmd "gpg2 -q --for-your-eyes-only --no-tty -d ~/.mailpass.gpg"

For isync, I'm just piping the output of a gpg command into awk to choose the correct password. That said, I do use pass and would be fine using it for this. Would there be a benefit to using pass specifically?

[mcrapet]

.mailpass.gpg is an (ciphered) text file containing credentials ?

[noctuid]

Yes, in this case it would just contain the password.

[mcrapet]

What do you think of this: https://keybase.io/docs/kbfs

[noctuid]

Well with the equivalent of PassCmd, it shouldn't matter how the file was encrypted. Are you suggesting some sort of integration that would only work with the keybase filesystem?

[mcrapet]

Note for me: don't use libgnome-keyring but libsecret.
https://wiki.gnome.org/Projects/Libsecret