Currently, the output of `pass generate` cannot be piped into another command that expects a password because it contains git output and other interactive outputs. For example:
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048
-aes-256-cbc -pass file:<(pass example.com.key 30 2>/dev/null) -out
example.com.key
Fails because pass outputs the git commit messages into the named pipe
passed to -pass.
The attachment is rudimentary attempt to send most output from generate
to stderr except the password itself.
Maybe a better implementation is to have an explicit --quiet option?
From f69b21b97ea9705ec6ed082c640675bb5a18b423 Mon Sep 17 00:00:00 2001 From: Lie Ryan <[email protected]> Date: Mon, 14 Sep 2015 17:40:19 +1000 Subject: [PATCH] Output from pass generate should go to stderr This allows `pass generate` to be used to generate password with a script. --- src/password-store.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/password-store.sh b/src/password-store.sh index d535a74..143695f 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -467,10 +467,12 @@ cmd_generate() { fi local verb="Add" [[ $inplace -eq 1 ]] && verb="Replace" - git_add_file "$passfile" "$verb generated password for ${path}." + git_add_file "$passfile" "$verb generated password for ${path}." >&2 if [[ $clip -eq 0 ]]; then - printf "\e[1m\e[37mThe generated password for \e[4m%s\e[24m is:\e[0m\n\e[1m\e[93m%s\e[0m\n" "$path" "$pass" + printf "\e[1m\e[37mThe generated password for \e[4m%s\e[24m is:\e[0m\n\e[1m\e[93m%s\e[0m" "$path" >&2 + printf "$pass" + printf "\n" >&2 else clip "$pass" "$path" fi -- 1.9.1
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
