This commit adds yet another config handler for gopass. It is based on the format used by git itself. This has the potential to address a lot of long standing issues, but it also causes a lot of changes to how we handle configuration, so bugs are inevitable. Fixes #1567 Fixes #1764 Fixes #1819 Fixes #1878 Fixes #2387 RELEASE_NOTES=[BREAKING] New config format based on git config. Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org> Co-authored-by: Yolan Romailler <AnomalRoil@users.noreply.github.com>
Configuration
Environment Variables
Some configuration options are only available through setting environment variables.
| Option | Type | Description |
|---|---|---|
| `CHECKPOINT_DISABLE` | `bool` | Set to any non-empty value to disable calling the GitHub API when running `gopass version`. |
| `GOPASS_DEBUG` | `bool` | Set to any non-empty value to enable verbose debug output |
| `GOPASS_DEBUG_LOG` | `string` | Set to a filename to enable debug logging |
| `GOPASS_DEBUG_LOG_SECRETS` | `bool` | Set to any non-empty value to enable logging of credentials |
| `GOPASS_DEBUG_FUNCS` | `string` | Comma separated filter for console debug output (functions) |
| `GOPASS_DEBUG_FILES` | `string` | Comma separated filter for console debug output (files) |
| `GOPASS_UMASK` | `octal` | Set to any valid umask to mask bits of files created by gopass |
| `GOPASS_GPG_OPTS` | `string` | Add any extra arguments, e.g. `--armor` you want to pass to GPG on every invocation |
| `GOPASS_EXTERNAL_PWGEN` | `string` | Use an external password generator. See Features for details |
| `GOPASS_CHARACTER_SET` | `bool` | Set to any non-empty value to restrict the characters used in generated passwords |
| `GOPASS_CONFIG` | `string` | Set this to the absolute path to the configuration file |
| `GOPASS_HOMEDIR` | `string` | Set this to the absolute path of the directory containing the `.config/` tree |
| `GOPASS_FORCE_UPDATE` | `bool` | Set to any non-empty value to force an update (if available) |
| `GOPASS_NO_NOTIFY` | `bool` | Set to any non-empty value to prevent notifications |
| `GOPASS_NO_REMINDER` | `bool` | Set to any non-empty value to prevent reminders |
| `GOPASS_CLIPBOARD_COPY_CMD` | `string` | Use an external command to copy a password to the clipboard. See GPaste for an example |
| `GOPASS_CLIPBOARD_CLEAR_CMD` | `string` | Use an external command to remove a password from the clipboard. See GPaste for an example |
| `GOPASS_GPG_BINARY` | `string` | Set this to the absolute path to the GPG binary if you need to override the value returned by `gpgconf`, e.g. QubesOS. |
| `GOPASS_PW_DEFAULT_LENGTH` | `int` | Set to any integer value larger than zero to define a different default length in the `generate` command. By default the length is 24 characters. |
| `GOPASS_AUTOSYNC_INTERVAL` | `int` | Set this to the number of days between autosync runs. |
| `GOPASS_NO_AUTOSYNC` | `bool` | Set this to `true` to disable autosync. Deprecated. Please use `core.autosync` |
Variables not exclusively used by gopass
| Option | Type | Description |
|---|---|---|
| `PASSWORD_STORE_DIR` | `string` | absolute path containing the password store (a directory). Only supported during initialization! |
| `PASSWORD_STORE_UMASK` | `string` | Set to any valid umask to mask bits of files created by gopass (`GOPASS_UMASK` has precedence over this) |
| `EDITOR` | `string` | command name to execute for editing password entries |
| `PAGER` | `string` | the pager program used for `gopass list`. See Features for details |
| `GIT_AUTHOR_NAME` | `string` | name of the author, used by the rcs backend to create a commit |
| `GIT_AUTHOR_EMAIL` | `string` | email of the author, used by the rcs backend to create a commit |
| `NO_COLOR` | `bool` | disable color output. See no-color.org for more information. |
Configuration Options
During startup, gopass will look for a configuration file at `$HOME/.config/gopass/config`. If one is not present, it will create one. If the config file already exists, it will attempt to parse it and load the settings. If this fails, the program will abort. Thus, if gopass is giving you trouble with a broken or incompatible configuration file, simply rename it or delete it.
All configuration options are also available for reading and writing through the sub-command gopass config.
- To display all values: `gopass config`
- To display a single value: `gopass config autoclip`
- To update a single value: `gopass config autoclip false`
- Like many other sub-commands, this command accepts a `--store` flag to operate on a given sub-store, provided the sub-store is a remote one.
Configuration format
gopass uses a configuration format inspired by and mostly compatible with the configuration format used by git. We support different configuration sources that take precedence over each other, just like git.
Configuration precedence
- Hard-coded presets apply if nothing else is set
- System-wide configuration file allows operators or package maintainers to supply system-wide defaults in `/etc/gopass/config`
- User-wide (aka. global) configuration allows setting per-user settings. This is the closest equivalent to the old gopass configs. Located in `$HOME/.config/gopass/config`
- Per-store (aka. local) configuration allows setting per-store settings, e.g. read-only. Located in `<STORE_DIR>/config`.
- Per-store unversioned (aka `config.worktree`) configuration allows overriding versioned per-store settings, e.g. disabling read-only. Located in `<STORE_DIR>/config.worktree`
- Environment variables (or command line flags) override all other values. Read from `GOPASS_CONFIG_KEY_n` and `GOPASS_CONFIG_VALUE_n` up to `GOPASS_CONFIG_COUNT`. Command line flags take precedence over environment variables.
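
Because the environment outranks every config file, it is worth listing what it injects before trusting a value read from disk. The script below is an added example, not part of gopass: it reports the security-relevant variables from the environment tables above and every `GOPASS_CONFIG_KEY_n`/`GOPASS_CONFIG_VALUE_n` override. The 0-based indexing (git's convention), the `gopass_env_audit` name and the watch list are assumptions of this example.

```sh
#!/bin/sh
# Added example (not gopass code). Variable names come from the tables above;
# 0-based GOPASS_CONFIG_KEY_n/VALUE_n indexing is an assumption (git's convention).

# Keys whose override deserves a second look; the selection is this example's choice.
WATCHED_KEYS="core.readonly core.autoimport core.exportkeys core.showsafecontent"

gopass_env_audit() {
    # 1. Variables that enable secret logging or substitute external programs/paths.
    for var in GOPASS_DEBUG_LOG_SECRETS GOPASS_DEBUG_LOG GOPASS_GPG_BINARY \
               GOPASS_GPG_OPTS GOPASS_EXTERNAL_PWGEN GOPASS_CLIPBOARD_COPY_CMD \
               GOPASS_CLIPBOARD_CLEAR_CMD GOPASS_CONFIG GOPASS_HOMEDIR \
               GOPASS_UMASK PASSWORD_STORE_UMASK; do
        eval "val=\${$var-}"          # safe: $var is one of the fixed names above
        if [ -n "$val" ]; then echo "SET $var=$val"; fi
    done
    if [ -n "${GOPASS_DEBUG_LOG_SECRETS-}" ]; then
        echo "WARN credential logging is enabled (GOPASS_DEBUG_LOG_SECRETS)"
    fi

    # 2. Config overrides injected through the environment; these win over every file.
    count=${GOPASS_CONFIG_COUNT-}
    case $count in
        '') return 0 ;;
        *[!0-9]*) echo "WARN GOPASS_CONFIG_COUNT is not a number: $count"; return 0 ;;
    esac
    i=0
    while [ "$i" -lt "$count" ]; do
        eval "key=\${GOPASS_CONFIG_KEY_$i-} value=\${GOPASS_CONFIG_VALUE_$i-}"
        tag=OVERRIDE
        for watched in $WATCHED_KEYS; do
            if [ "$key" = "$watched" ]; then tag=OVERRIDE-WATCHED; fi
        done
        echo "$tag $key=$value"
        i=$((i + 1))
    done
    return 0
}

gopass_env_audit
```

An empty report means no listed variable is set; command line flags, which take precedence over the environment, are outside what this check can see.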
Configuration options
This is a list of available options:
| Option | Type | Description | Default |
|---|---|---|---|
| `core.autoclip` | `bool` | Always copy the password created by `gopass generate`. Only applies to generate. | `false` |
| `core.autoimport` | `bool` | Import missing keys stored in the pass repository without asking. | `false` |
| `core.autosync` | `bool` | Always do a git push after a commit to the store. Makes sure your local changes are always available on your git remote. | `true` |
| `core.cliptimeout` | `int` | How many seconds the secret is stored when using `-c`. | `45` |
| `core.exportkeys` | `bool` | Export public keys of all recipients to the store. | `true` |
| `core.nocolor` | `bool` | Do not use color. | `false` |
| `core.nopager` | `bool` | Do not invoke a pager to display long lists. | `false` |
| `core.notifications` | `bool` | Enable desktop notifications. | `true` |
| `core.parsing` | `bool` | Enable parsing of output to have key-value and yaml secrets. | `true` |
| `core.readonly` | `bool` | Disable writing to a store. Note: This is just a convenience option to prevent accidental writes. Enforcement can only happen on a central server (if repos are set up around a central one). | `false` |
| `mounts.path` | `string` | Path to the root store. | `$XDG_DATA_HOME/gopass/stores/root` |
| `core.showsafecontent` | `bool` | Only output safe content (i.e. everything but the first line of a secret) to the terminal. Use copy (`-c`) to retrieve the password in the clipboard, or force (`-f`) to still print it. | |
| `age.usekeychain` | `bool` | Use the OS keychain to cache age passphrases. | `false` |
| `domain-alias. | string | Alias from domain to the string value of this entry. | `` |