* feat: Clone remote on init
When a remote is provided to the init command, try to clone it first.
If the cloned repository is not empty, use it as the password store.
Otherwise, initialize a new password store.
* feat: Clone remote on setup
When a remote is provided to the setup command, try to clone it first.
If the cloned repository is not empty, use it as the password store.
Otherwise, initialize a new password store.
* [fix] Remove init during clone
When we clone a repo we never want to initialize it automatically.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
* This change introduces an agent for the age backend to cache passphrases for age identities.
The agent is a long-running process that listens on a Unix domain socket. Gopass communicates with the agent to request decryption of secrets. The agent caches the passphrases for the identities and performs the decryption, so the passphrases never leave the agent process. This addresses the security concerns with the initial implementation.
The agent can be controlled with the following commands:
- `gopass age agent`: starts the agent in the foreground.
- `gopass age lock`: locks the agent, clearing all cached passphrases.
The age backend will automatically start the agent if it's not already running and the `age.agent-enabled` configuration option is set to `true` (the default).
This change includes:
- The implementation of the age agent in `internal/backend/crypto/age/agent/`.
- Modifications to the age backend to communicate with the agent.
- A new configuration option `age.agent-enabled`.
- Unit tests for the agent.
- Updated documentation for the age backend.
The integration test for this feature (`TestAgeAgent`) is currently failing. The issue is that the test environment is non-interactive, and the code path for initializing a new age store requires a password for the identity keyring, which triggers a `pinentry` call that fails without a TTY. I have tried several approaches to work around this, including setting the `GOPASS_PASSWORD` environment variable and providing a custom pinentry script, but none have been successful so far. The core implementation of the agent is believed to be correct, but the integration test needs further work to run in a non-interactive environment.
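The agent design described above, reduced to a runnable sketch in Go. This is an added example, not gopass's own code: the JSON request/response shape, the `unlock`/`decrypt`/`lock` operations, and AES-256-GCM keyed from a SHA-256 of the passphrase standing in for a real age identity are all assumptions of this example. It shows the property the commit message claims: the socket protocol has no way to hand a passphrase back to a client, decryption happens inside the agent, and `lock` wipes the cache.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"net"
	"sync"
)

// Request/Response are this example's wire format, not gopass's. Response has no
// passphrase field: clients only ever get plaintext or an error back.
type Request struct {
	Op         string `json:"op"`                   // "unlock", "decrypt" or "lock"
	Identity   string `json:"identity,omitempty"`
	Passphrase string `json:"passphrase,omitempty"` // only on "unlock"
	Ciphertext []byte `json:"ciphertext,omitempty"` // only on "decrypt"
}

type Response struct {
	OK        bool   `json:"ok"`
	Plaintext []byte `json:"plaintext,omitempty"`
	Err       string `json:"err,omitempty"`
}

// Agent keeps passphrases in memory only and performs the decryption itself.
type Agent struct {
	mu    sync.Mutex
	cache map[string][]byte // identity -> passphrase
}

func NewAgent() *Agent { return &Agent{cache: map[string][]byte{}} }

// Handle dispatches one request; it is the only code that reads cached passphrases.
func (a *Agent) Handle(req Request) Response {
	a.mu.Lock()
	defer a.mu.Unlock()
	switch req.Op {
	case "unlock":
		a.cache[req.Identity] = []byte(req.Passphrase)
		return Response{OK: true}
	case "decrypt":
		pp, ok := a.cache[req.Identity]
		if !ok { return Response{Err: "identity is locked; unlock it first"} }
		g, ct := gcm(pp), req.Ciphertext
		if len(ct) < g.NonceSize() { return Response{Err: "ciphertext too short"} }
		pt, err := g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
		if err != nil { // wrong passphrase or tampered data; tell the client no more than that
			return Response{Err: "decrypt failed"}
		}
		return Response{OK: true, Plaintext: pt}
	case "lock":
		for _, pp := range a.cache {
			copy(pp, make([]byte, len(pp))) // best-effort wipe; Go cannot promise no other copy exists
		}
		a.cache = map[string][]byte{}
		return Response{OK: true}
	}
	return Response{Err: "unknown op " + req.Op}
}

// Serve answers one JSON request per connection; bind ln inside a 0700 directory so other users cannot connect.
func (a *Agent) Serve(ln net.Listener) {
	for {
		c, err := ln.Accept()
		if err != nil { return }
		var req Request
		if json.NewDecoder(c).Decode(&req) == nil {
			json.NewEncoder(c).Encode(a.Handle(req))
		}
		c.Close()
	}
}

// Call is the client side: connect, send one request, read one response.
func Call(sock string, req Request) (resp Response, err error) {
	c, err := net.Dial("unix", sock)
	if err != nil { return resp, err }
	defer c.Close()
	if err = json.NewEncoder(c).Encode(req); err == nil {
		err = json.NewDecoder(c).Decode(&resp)
	}
	return resp, err
}

// gcm turns a passphrase into an AES-256-GCM key; plain SHA-256 is a stand-in for the scrypt age uses.
func gcm(pp []byte) cipher.AEAD {
	k := sha256.Sum256(pp)
	b, _ := aes.NewCipher(k[:]) // cannot fail for a 32-byte key
	g, _ := cipher.NewGCM(b)    // cannot fail for AES
	return g
}

// Seal returns nonce||ciphertext and stands in for age-encrypting a secret.
func Seal(pp, pt []byte) []byte {
	g := gcm(pp)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { panic(err) }
	return g.Seal(nonce, nonce, pt, nil)
}
```

To try it, create the socket in a directory from `os.MkdirTemp` (mode 0700), run `NewAgent().Serve(ln)` in a goroutine, then `Call` with `unlock`, `decrypt` and `lock` in turn; a `decrypt` before `unlock` or after `lock` is refused. A production agent would additionally check the connecting peer's credentials on the socket and avoid keeping the decoded passphrase string around, which this sketch does not do.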
* Fix some test failures and add more logging.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Fix lint error
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Fix integration tests
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
* fix: Ask user to confirm generated passphrase before invoking pinentry
This is to avoid users not seeing their generated password if using e.g.
pinentry curses UI.
Fixes #3030
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* fix: Let user confirm new passphrase before generating the new identity.
This way generating the ID might fail, but at least we don't have to
do ugly API changes to figure out a clean way to delete an ID file
after a failed setup attempt.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Pass remote, if given, to local init as well
This should cover the case when creating a new team with
an existing remote.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Remove some noisy logging and correctly handle the passed remote
location.
Please note that the current implementation will only work if the remote
is fully empty (i.e. git init --bare, nothing more). If you need to
work with a non-empty remote use gopass clone for the time being.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This commit adds yet another config handler for gopass. It is based on
the format used by git itself. This has the potential to address a lot
of long standing issues, but it also causes a lot of changes to how we
handle configuration, so bugs are inevitable.
Fixes #1567 Fixes #1764 Fixes #1819 Fixes #1878 Fixes #2387 Fixes #2418
RELEASE_NOTES=[BREAKING] New config format based on git config.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: Yolan Romailler <AnomalRoil@users.noreply.github.com>
address comments
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Improve passage support
This commit adds parsing of unencrypted passage identities and
automatically mounts an existing passage store under the mount
point passage/ if it's detected during setup (not later).
Fixes #2059
RELEASE_NOTES=[ENHANCEMENT] Improve passage support
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Fix lint checks
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This commit adds HIGHLY EXPERIMENTAL support for the Fossil SCM.
It's barely tested but seems to support the most basic use cases
already. A lot of Fossil specifics aren't supported, yet. Cloning,
for example, isn't supported so far.
Fixes #2022
RELEASE_NOTES=[EXPERIMENTAL] Support the Fossil SCM
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
When gopass can't find a pinentry binary to use for prompting for a
password to unlock an age keyring, it uses its own barebones fallback
pinentry mechanism to prompt for a password in the terminal. This
fallback pinentry always asked the user to retype their password and
required the password match, even when decrypting a file using an
already-existing password. I've updated it to only prompt for a repeat
when necessary, and also made the password prompt messages less
awkward.
RELEASE_NOTES=[BUGFIX] Don't prompt to retype password unnecessarily
with age backend when pinentry binary is unavailable.
Signed-off-by: Faye Duxovni <duxovni@duxovni.org>
This commit adds a getting started section to the readme and improves
the gopass clone UX a little bit. It also fixes the call depth for nested
debug.Log invocations (e.g. during ExitError) and adds debug logging
for every out invocation.
Fixes #1839
RELEASE_NOTES=n/a
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This new flag allows overriding the default secret name
computation with a custom secret name passed as the first
argument.
Fixes #1811
RELEASE_NOTES=[ENHANCEMENT] Add -f flag to create
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This commit renames the existing out methods that expect
a format string to include the common f suffix and introduces
new out methods without this suffix that don't accept a
format string or variadic arguments.
Fixes #1793
RELEASE_NOTES=n/a
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This change makes exportability checks more idiomatic
and the interface a little less cluttered.
RELEASE_NOTES=n/a
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>