I'm using a different email address with git and gopass. To work around #13 I need to change my email address in ~/.gitconfig. It would be cool to be able to specify a email address when creating a store or maybe use the email address from the selected gpg key.

Trying to import lastpass credentials using lastpass2pass.rb from https://www.passwordstore.org/
gopass gets confused reading EOF when inserting. Probably because it asks for confirmation.

Trying to go ahead with the confirmation also didn't work for me using something like

cmd := exec.Command("gopass", "insert", "-f", fmt.Sprintf("%s/%s", "test", "username"))
cmd.Stdin = strings.NewReader(fmt.Sprintf("%s\n%s\nY\n", "password", "password"))

Whenever I try to run gopass mount I get Error: Entry is not in the password store.
I already have a root store.
What are the steps to add a new store and mount?

I haven't found a way to run gopass git commands in mounts.

When you run pass -c <filename>, pass's behavior is to copy the first line of the file, allowing you to get the password easily while using the rest of the file in a freeform fashion. gopass seems to copy the whole contents of the file, which makes it hard to use multiple lines for things like login and URL.

MacOS doesn't have a /dev/shm directory so gopass falls back to ioutil.TempDir which will write plaintext to the disk. pass does a lot of work on darwin to avoid this.

Hey All,

Great work on the tool, have been experimenting with it a little bit but I was interested in one bit:

https://github.com/justwatchcom/gopass/blob/be6ed5bf4bf0c1dea29699870df814f8f31a85be/action/init.go#L38

I found that I cannot init a store without having both my public and private key on the machine. Why does this not work with just my public key?

(documentation bug)

1. Initialize a store with gopass init [email protected]

2. Add a secret gopass insert some/secret

3. Add a recipient gopass recipients add XXXXXXXX

4. Add another secret gopass insert some/othersecret

The first secret can be decrypted by the initial recipient. The second secret can be decrypted by both recipients.

How to mass-edit many secrets at once and add / remove recipients to / from all of them?

I saw gopass on Hacker News and thought I would check it out. I actually plan on doing a PR for #4, but I have experienced an issue I want to raise here. Perhaps someone can expand further on this.

$ gopass insert world
Enter password for world:
Failed to restore terminal: errno 0
Retype password for world:
Failed to restore terminal: errno 0
gopass: Encrypting world for these recipients:
 - 0xB058C2BF639F134B - Mike C (Hi) <[email protected]>

Do you want to continue? [Y/n]:
error: gpg failed to sign the data
fatal: failed to write commit object

Error: failed to committ files to git: exit status 128

$ gopass show world
hello

So I insert a secret and it seems to fail, but then I'm able to retrieve it. The secret is present in the .password-store as a .gpg file and is indeed encrypted. Any thoughts on the errors here?

Versions:

• macOS 10.12
• gpg (GnuPG) 2.0.30 / libgcrypt 1.7.6 (gpg installed via brew)
• git version 2.11.0
• gopass HEAD (n/a ) go1.7.5

pass search works the same as the documented pass find (at least I think that's what it does...)
Any chance you could support search as an alias to find?

For example, adding symlinks in the root store pointing to the mounted stores so that pass mount/foo works just like gopass mount/foo (and so that other GUIs work with mounts).

When running gopass completion dmenu --type, dmenu is called by gopass and by default it displays entries horizontally. I'd like it to be displayed vertically and for that I would need to be able to call dmenu with custom arguments, for example dmenu -i -l 20 -p '>'.

We could maybe add a command line switch to specify arguments that would be passed to dmenu. For example gopass completion dmenu --type --extra-dmenu-args '-i -l 20 -p \'>\''.

When doing grep or show on OS X, using homebrew gpg2, I get this message:

You need a passphrase to unlock the secret key for
user: "Robert Sanders [email protected]"
4096-bit RSA key, ID 99999999, created 2015-01-25 (main key ID 55555555)

After that message, the correct output is printed. If doing "grep" I get one message per item scanned.

I have two PGP keys which can decrypt items in this repo. I'm not sure if that's a contributing factor.

This appears to suppress the message:

echo 'no-tty' >> ~/.gnupg/gpg.conf

However, I do not see that message when doing the same operations with pass so it should not be strictly necessary.

$ gopass --version
gopass 1.0.0 (8cae28cc 2017-02-03 12:10:47) go1.7.5

$ wc -l < ~/.password-store/.gpg-id 
      13

$ uname -a
Darwin ATL-RSANDERS-MAC.local 16.3.0 Darwin Kernel Version 16.3.0: Thu Nov 17 20:23:58 PST 2016; root:xnu-3789.31.2~1/RELEASE_X86_64 x86_64

$ gpg2 --version
gpg (GnuPG) 2.0.30
libgcrypt 1.7.6
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

I used gopass init --store test but I don't know what the value "test" is used for.

New to gopass, just test driving it.

• macOS 10.12.3
• gopass 1.0.0 installed from binary tarball
• gpg 1.4.20 installed from brew
• gpg-agent 2.0.30 installed from brew
• git 2.9.2

I've configured gpg-agent to start automatically in ~/.bash_profile:

[ -f ~/.gpg-agent-info ] && source ~/.gpg-agent-info
if [ -S "${GPG_AGENT_INFO%%:*}" ]; then
  export GPG_AGENT_INFO
else
  eval $( gpg-agent --daemon --write-env-file ~/.gpg-agent-info )
fi

$ cat ~/.gnupg/gpg-agent.conf 
use-standard-socket
default-cache-ttl 28800
max-cache-ttl 86400

Tested the agent, and it works. If I do gpg -d path/to/some/encrypted/file repeatedly, I only need to enter the GPG pass once.

I've installed gopass and done gopass init:

$ gopass init
Please select a private Key for encryption:
[0] 0xXXXXXXXXXXXXXXXX - Florin Andrei <florin@XXXXXXXXXXXXXXXX>
Please enter the number of a key (0-0) [0]: 
Password store initialized for: 0xXXXXXXXXXXXXXXXX - Florin Andrei <florin@XXXXXXXXXXXXXXX>

Please select a key for signing Git Commits
[0] 0xXXXXXXXXXXXXXXXX - Florin Andrei <florin@XXXXXXXXXXXXX>
Please enter the number of a key (0-0) [0]: 
Initialized empty Git repository in /Users/XXXXXXXXXXXXX/.password-store/.git/
[master (root-commit) e0dcdef] Add current contents of password store.
 2 files changed, 53 insertions(+)
 create mode 100644 .gpg-id
 create mode 100644 .gpg-keys/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[master d984775] Configure git repository for gpg file diff.
 1 file changed, 1 insertion(+)
 create mode 100644 .gitattributes
Git initialized

Then I've tried to insert some fake password, for testing:

$ gopass insert web/google.com
Enter password for web/google.com: 
Failed to restore terminal: errno 0
Retype password for web/google.com: 
Failed to restore terminal: errno 0
gopass: Encrypting web/google.com for these recipients:
 - 0xXXXXXXXXXXXXXXXX - Florin Andrei <florin@XXXXXXXXXXXXXXXXXX>

Do you want to continue? [Y/n]: 
gpg: XXXXXXXX: There is no assurance this key belongs to the named user

pub  4096R/XXXXXXXX 2016-07-25 Florin Andrei <florin@XXXXXXXXXXXXXX>
 Primary key fingerprint: XXXX XXXX XXXX XXXX XXXX  XXXX XXXX XXXX XXXX XXXX
      Subkey fingerprint: XXXX XXXX XXXX XXXX XXXX  XXXX XXXX XXXX XXXX XXXX

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y
                            
You need a passphrase to unlock the secret key for
user: "Florin Andrei <florin@XXXXXXXXXXXXXXXXX>"
4096-bit RSA key, ID XXXXXXXX, created 2016-07-25

gpg: problem with the agent - disabling agent use
error: gpg failed to sign the data
fatal: failed to write commit object

Error: failed to committ files to git: exit status 128

If I kill gpg-agent, and unset the GPG_AGENT_INFO variable (so basically disabling the GPG agent completely), then gopass works just fine, but of course it keeps nagging me about the GPG passphrase every time.

Hey guys!

gopass rm test removes the record without asking to supply the pass-phrase for the GPG key. Is it expected behavior?

Thanks!

Since this is the default location for config file according to freedesktop configuration specification:
https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

$XDG_CONFIG_HOME defines the base directory relative to which user specific configuration files should be stored. If $XDG_CONFIG_HOME is either not set or empty, a default equal to $HOME/.config should be used.

Add completion support for rofi. You would call rofi -dmenu with gopass completion rofi similarly to calling dmenu with gopass completion dmenu.

pass uses gpg2 instead of gpg if it is available:

GPG_OPTS=( "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" )
GPG="gpg"
export GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null)}"
which gpg2 &>/dev/null && GPG="gpg2"

It looks like gopass always uses just gpg. IMHO it should also switch to gpg2 if it is available so it behaves exactly like pass.

I'd do a PR but unfortunately I'm not very familiar with Go (yet).

How to reproduce:

## The password store is a link to a dropbox folder
➤ ls -lad ~/.password-store/
drwx------@ 155 hobbeswalsh  staff  5270 Feb  3 20:23 /Users/hobbeswalsh/.password-store/

## hiding names of passwords, but asserting that there are some
hobbeswalsh@mac:~
➤ pass | wc -l  
     208

## Gopass does not read the passwords
hobbeswalsh@mac:~
➤ gopass
gopass

hobbeswalsh@mac:~
➤ gopass fsck
Wrong permissions for file /Users/hobbeswalsh/.password-store: drwx------
Fixing permissions from -rwx------ to -rw-------
Store (/Users/hobbeswalsh/.password-store) OK
hobbeswalsh@mac:~
➤ gopass
failed to check dir /Users/hobbeswalsh/.password-store/.gpg-id: lstat /Users/hobbeswalsh/.password-store/.gpg-id: permission denied
failed to check dir /Users/hobbeswalsh/.password-store/.gpg-id: lstat /Users/hobbeswalsh/.password-store/.gpg-id: permission denied

Error: password-store is not initialized. Try 'gopass init'

## Uh, thanks for messing up all my permissions, gopass!
## Now `pass` doesn't work either.
➤ pass
Password Store

How to work around the problem:

## Let's remove the symlink and make ~/.password-store a real directory
➤ rm .password-store
hobbeswalsh@mac:~

➤ mkdir .password-store
hobbeswalsh@mac:~

➤ cp -pR ~/Dropbox/password-store/* .password-store/
hobbeswalsh@mac:~
➤ gopass

Error: password-store is not initialized. Try 'gopass init'
hobbeswalsh@mac:~
➤ gopass init
Please select a private Key for encryption:
[0] 0xFDD6CAAFE5114586 - Robin Walsh <[email protected]>
Please enter the number of a key (0-0) [0]:
Password store initialized for: 0xFDD6CAAFE5114586 - Robin Walsh <[email protected]>

Please select a key for signing Git Commits
[0] 0xFDD6CAAFE5114586 - Robin Walsh <[email protected]>
Please enter the number of a key (0-0) [0]:
Initialized empty Git repository in /Users/rwwalsh/.password-store/.git/
... lots of output...

## Now it works.
hobbeswalsh@mac:~
➤ gopass | wc -l ; pass | wc -l
     209
     208

Obviously it would be nice it we supported symlinks.

This could be possibly connected to #55

deleting an empty folder with gopass rm -r yields an error message, but deletes the folder.

$ pass edit test/test
...
$ pass rm test/test
Are you sure you would like to delete test/test? [y/N]: y
$ pass rm -r test
fatal: pathspec '/home/andy/.password-store/test' did not match any files

Error: failed to add files to git: exit status 128

When I try to add a new recipient, gopass fails like so:

❯ gopass recipients add ##REMOVED###
gpg.listKeys: /usr/local/bin/gpg [gpg --with-colons --with-fingerprint --fixed-list-mode --list-public-keys ##REMOVED###]
Do you want to add '##REMOVED###' as an recipient? [y/N]: y
On branch master
Your branch is up-to-date with 'origin/master'.
Changes not staged for commit:
	modified:   .gpg-id

no changes added to commit

Error: failed to committ files to git: exit status 1

The tree printed when running gopass get quite huge when mounting multiple password stores that each contain several entries.

We may want to consider to limit the initial depth of the tree or try to otherwise collapse it a little by default.

While I see some similarities, what are the main differences ?

https://news.ycombinator.com/item?id=13552756

I'm pretty excited about this actually. Thank-you so much for your efforts. I've been using pass for awhile now, and I really love what it does, but it's a case where it feels 90% finished.
I have one desperate request; colour output as an option. Every time there is an update to pass (or I need to reinstall) I need to edit the file and change the options from " tree -C " to " tree -n "
This is a pain in the ass. I am visually impaired. The 'default' dark-blue that tree uses for directories is unreadable to me.
My two choices for dealing with this are to use DIRCOLORS or edit the pass executable. I'd prefer to not muck about with my environment settings. (as I do not normally see any colour output)
Anyway; awesome project!

This should be doable in the future with not that much refactoring.

When I attempt to insert new entry I get the following errors:

Enter password for foo/bar: 
Failed to restore terminal: errno 0
Retype password for foo/bar: 
Failed to restore terminal: errno 0
gopass: Encrypting foo/bar for these recipients:
 - 0x56333C1D33F8CE08 - foo bar ([email protected]) <[email protected]>

Do you want to continue? [Y/n]: y

You need a passphrase to unlock the secret key for
user: foo bar ([email protected]) <[email protected]>"
4096-bit RSA key, ID 33F8CE08, created 2017-02-13

error: gpg failed to sign the data
fatal: failed to write commit object

Error: failed to commit files to git: exit status 128

I tried https://www.justwatch.com/gopass/faq/
This did not help.

My .gitconfig and user definition for my key match as well.

1.0.2 has been released last week. However, the version in Brew is still 1.0.1

brew tap justwatchcom/gopass
brew install gopass

$ gopass --version
gopass 1.0.1 (e3c63f0e 2017-03-27 21:23:02) go1.8

The install link for macOS states:

If you're a Homebrew maintainer by any chance, feel free to pull the formula into the main repo

That's not how it works. I've opened a thread about that on Brew's Community Discussion site...

http://discourse.brew.sh/t/missing-formula-gopass/618

...and I was told this:

We don't really do formulae requests. If you're interested: could you try and open a pull request? This document should help and we're happy to walk you through anything else.

This is the document they're talking about:

http://docs.brew.sh/How-To-Open-a-Homebrew-Pull-Request.html

So it looks like the process needs to be initiated from your side.

In pass, it is possible to use different keys to encrypt secrets by having multiple .gpg-id files in sub directories.

From pass manpage:

Contains the default gpg key identification used for encryption and decryption. Multiple gpg keys may be specified in this file, one per line. If this file exists in any sub directories, passwords inside those sub directories are encrypted using those keys. This should be set using the init command.

This seems not to be the case with gopass, is that correct?

What I did:

• init store with gpg key A -> key A is in ~/.password-store/.gpg-id
• create secret foo/bar
• secret is encrypted to key A
• create folder asdf
• put key B into ~/.password-store/asdf/.gpg-id
• create secret asdf/bla
• secret is encrypted to key A
• expected: secret is encrypted to key B

Getting this whenever I use init and either select a key from the menu or enter in a long ID.

I'm pretty sure I have this public key locally as it is from my own private keypair.

Is there any way to get additional debugging details so I can determine what this means? (I.e. failure of the gpg binary, maybe something wrong with my key, etc.)

Thanks.

It would be nice to be able to set options per-mount instead of only having them global. For example, autopush and autopull set to true on my local (root) store, but set to false on another mount.

This might be related to #5

I found that I was getting the Error: No useable private keys found error and dug into the source and debugged and found what I believe is the issue. I have a key that has no expiration date.

in gpg.go:IsUseable - the following code would faild on the Before(time.Now()) check:

if !k.ExpirationDate.IsZero() && k.ExpirationDate.Before(time.Now()) {
	return false
}

I changed this to and it works fine:

if !k.ExpirationDate.IsZero() {
	if k.ExpirationDate.Before(time.Now()) {
		return false
	}
}

I would have though short-circuit eval would have come into effect here? I'm on go 1.6.

In https://github.com/justwatchcom/gopass/blob/ab10cac22e2b79e617031ff6febdd7b0d00e04ad/password/git.go#L79

cmd := exec.Command("git", "config", "--local", "user.signkey", sk)

must be

cmd := exec.Command("git", "config", "--local", "user.signingkey", sk)

Feature request

Fish shell autocomplete with gopass completion fish

Fish shell completion script already exists for pass here.

Is this feature something that the contributors/community would be interested in adding?

In #89 we merged a PR that fixed some weird behaviour when deleting emtpy folders.

There are no integration test for this as of this moment, but can be easily added in the future.

pass generate foo/bar
pass generate foo/baz
pass rm -r foo/bar # errored before, shouldn't fail anymore
pass rm foo/baz
pass rm -r foo # errored before, shouldn't fail anymore

On my systems $HOME/.password-store is a symlink which works just fine with pass but not gopass.

Gopass failed to open the following structure:

$ tree .password-store
.password-store
├── domain.tld
│   ├── account01.gpg
│   ├── account02.gpg
├── domain.tld.gpg

$ gopass
Failed to add file domain.tld to tree: File domain.tld exists

Some info about my environment

$ uname
Linux x86_64
$ gopass version 
gopass 1.0.0 (8cae28cc 2017-02-02 15:45:17) go1.7.5

@notandy and me just talked and we need this for i3 & dwm, etc...

When deleting an entry git add may fail - depending on the git version installed - unless the --all flag is provided to git.

Since I can't open an issue at https://github.com/justwatchcom/homebrew-gopass, I am opening this here:

Would it be possible to also allow gnupg 21 as a dependency instead of gnupg 2 only?

Actual:

gopass rm -f some/file

Are you sure you would like to recursively delete some/file? [y/N]: y

Error: Entry is not in the password store

Expected:

gopass rm -f some/file

Are you sure you would like to recursively delete some/file? [y/N]: y

Deleted some/file

Hi,

Gentoo and Arch inject custom LDFLAGS targeted for binutils-ld that will fail with the golang compiler, please rename the LDFLAGS variable in the Makefile to mitigate this.

Thanks :)

qr code generation for passwords, cool would be output on the console like here: https://www.npmjs.com/package/qrcode-console

In the documentation in the Edit Config section, several options are shown but not explained. For example:

alwaystrust: false
autoimport: false

Documentation should explain all config keys

Since Windows seems to be supported since #14 it would be nice to also have Windows binaries.

When using gopass insert in "read-from-stdin" mode the confirmation prompt may flood the terminal.

We must avoid interactive I/O if reading from STDIN.

Could you guys please figure out who changes the name

Referred by cortex/gopass#31

As per #61 it's now possible to install gopass with homebrew and gnupg 2.1. This should probably be documented.

would be great to take the user by the hand to some extent, e.g. by showing choices à la yeoman cli: