Implement running shell commands for getting passwords

[osa1]

Password fields can now be a map with a command key and a string value. The
value is used the shell command to run to get the password.

To keep things simple, all external commands are run on startup.

Fixes #246

[kmaasrud]

@osa1 What is the status on this PR? I would really like to run tiny without storing my password directly in the config 😄

[osa1]

@kmaasrud I'm a bit low on bandwidth but I have time this week to make some progress. Maybe we can finish this.

Before implementing, there are some design questions to answer though.

This works fine when the password store is unlocked before running tiny. If not unlocked I think most password managers will want to print something to stdout first, something like Enter master key password: to unlock the password store, which won't work because we capture the stdout, to be able to read the printed password. Not sure how to work around this issue yet.

We have two options:

1. We could run commands before running the TUI.
2. We could use suspend/activate, similar to how we run $EDITOR.

I feel like (1) should be good enough, and it will certainly make the implementation simpler.

I think the syntax ($ prefix) for commands (to distinguish them from passwords) is fine.

[kmaasrud]

I feel like (1) should be good enough, and it will certainly make the implementation simpler.

I think the syntax ($ prefix) for commands (to distinguish them from passwords) is fine.

+1 on this---it sounds like a very good solution to the problem! Better to keep it simple where possible.

[osa1]

I think this is done, just need to update README, CHANGELOG, and commit message.

However I'm having trouble using this feature. If I use pass show irc_pass as a password command, I get this error when running tiny:

Running server password command for server irc.oftc.net (`pass show irc_pass`)
Command returned non-zero: 2
stdout is empty
stderr:
--------------------------------------
gpg: public key decryption failed: No such file or directory
gpg: decryption failed: No such file or directory

--------------------------------------

But when I run pass show irc_pass in shell it works as expected.

Once I run the pass command to unlock the key store (so that pass show irc_pass directly prints the password) I can run tiny.

Does anyone know why this happens?

[kmaasrud]

Does anyone know why this happens?

@osa1 Some environment variable that the binary cannot access? Have you tested with different password commands (e.g., a simple echo?)

[osa1]

Yeah, simple commands like nickserv_ident: "$ echo '...'", or cat ... etc. work fine.

We should figure out how to make this work with pass. I'm assuming most people will use some kind of password manager, instead of a simple echo/cat etc.

[trevarj]

I just tried and it works for me with the $ pass show irc-pass in the password field.

The keyring unlock pops up and I type my unlock password and then it starts tiny.

[kmaasrud]

Using security on MacOS also works for me! The keychain unlocks nicely and tiny successfully uses the requested password.

[osa1]

I just tried this on my Linux system and it also works there.

I will merge this today, we can debug any platform-specific issues later.

[trevarj]

Should we update the sample config.yml too?

[osa1]

We show an example in the README so I'm not sure if it's necessary.

[kmaasrud]

Awesome work, @osa1! Thanks for fixing this so quickly 😄