Display Multi-line Passwords about gopass HOT 6 OPEN

@OceanTrader1 From what I can tell, looking at the codebase, Gopass handles passwords by simply having them as the first line, always, and assuming that the other lines are other fields, or the body text. For example:

 ❯ gopass insert my-entry <<EOF
username: my-username
password: my-secret
EOF

 ❯ gopass show my-entry
Secret: my-entry

username: my-username
password: my-secret

 ❯ gopass show -o my-entry
username: my-username

It would have to be it's own feature, as the default way gopass parses passwords (where the first line is always the password) is depended on and expected by several external integrations.

Maybe there could be discussion about a feature / alternative syntax that would allow saving and parsing of a password that was several lines?

A side note though, the --multiline flag isn't the clearest about it's functionality. It's essentially --edit or --editor=$EDITOR, but could imply that the password and all password features, will be handled by that.

from gopass.

Gopass handles passwords by simply having them as the first line, always, and assuming that the other lines are other fields, or the body text...It would have to be it's own feature

I agree with the points stated. Either (1) the language for the --multiline documentation should be clarified regarding this limitation if the current scope of gopass is working as intended, or (2) introduce new functionality for multi-line passwords.

external integrations

Is there a recommended method that exists already for reading stored private keys having the -----[BEGIN|END] OPENSSH PRIVATE KEY----- format?

from gopass.

@OceanTrader1 Can I ask which circumstances you're in that can't be satisfied by the generic gopass show <secret>? If you're concerned about the first line that says Secret: <secret>, it doesn't actually get carried over to the output when piping or setting variables.

To clarify, I set a multiline password with the following text:

---
my
multiline
ssh
key
---

 ❯ gopass show test
Secret: test

---
my
multiline
ssh
key
---


 ❯ gopass show test | cat
---
my
multiline
ssh
key
---

 ❯ my_var="$(gopass show test)" && echo "$my_var"
---
my
multiline
ssh
key
---

Though I may be overlooking something so feel free to let me know. I'm also not well-versed in the Windows implementation, if that applies, though I would imagine (or hope, at least) it's similar.

from gopass.

I am using MacOS, so I can not speak directly to the Windows implementation either.

I concur that piping for works adequately for reading a stored key though it was not apparent that only the multi-line key is piped to STDOUT. Still, the wording for the --password flag seems misleading in this context. My suggestion is to adjust the language in the documentation to express this behaviour more clearly. Thoughts?

from gopass.

If you want to have a multiline key-value, that should work, relying on our YAML parsing support:

---
key: |
  -----BEGIN OPENSSH PRIVATE KEY-----
  ...
  ...
  -----END OPENSSH PRIVATE KEY-----
user: bob

and you can get the multi-line key using:

$ gopass show name/of/entry key
Secret: testy
Key: key

-----BEGIN OPENSSH PRIVATE KEY-----
...
...
-----END OPENSSH PRIVATE KEY-----

As mentioned earlier by someone, we display extra information on stderr, such as the name of the secret and the key being queried.
These do not get copied nor piped further:

gopass -c name/of/entry key

will copy just the multiline key-value.

You can check this by seeing that

gopass name/of/entry key | cat

works and it doesn't get piped further.

Another option is to just disable all parsing and force output with:

gopass show -n -f name/of/entry

from gopass.

Hm, I wasn't thinking of the YAML support for multi-line passwords with a specific key. Cool stuff. I probably should have greped for multi-line haha.

from gopass.