Well, that gets rid of the prompt at login, but does not avoid having passwords in the weechat config.
Even though it is encrypted with a passphrase, I want to keep all my passwords in *one* place - pass. I host my configs in a public dotfiles repo, and would like not to have to worry about sensitive data being published somewhere. Even though weechat may be encrypted, it is one extra place you have to think about how to manage, guard, sync and safely store (another "attack vector"). Also, I have to get rid of the salt, making the encryption even weaker. Might be paranoid, but I don't feel confortable pushing unsalted passwords, encrypted by some application to a public repo. Also sync and lookup are to extra steps to configure. Would it be possible to get weechat config strings from environment variables? i.e. having a FREENODE_PASS var e.g.? That would at least get rid of the passwords inside weechats config files, though I don't know if exposing passwords as environment variables is a good idea, as any application could read them. Cheers, Pablo On Mon, Nov 26, 2018 at 07:09:08PM +0100, Tharre wrote: > Hi, > > On 11/26, [email protected] wrote: > > Hello, > > > > I was wondering if someone has found a way to integrate pass in > > weechat. > > > > Weechat's config doesn't allow to sepecify external programs to be > > run. There is a issue on the github page > > (https://github.com/weechat/weechat/issues/141) for this problem, but > > I don't have much hope of it being implemented soon. > > > > Their approach seems to be their own "secure storage", but I would > > like to use pass, since I have everything in there already. > > > > Has someone found a workaround? Any weechat users? > > > > Cheers, > > Pablo > > > > The workaround I use in my dotfiles[0] is simply letting weechat have > it's fancy secure storage and providing the passphrase via pass: > > $ WEECHAT_PASSPHRASE="$(pass personal/weechat)" weechat > > Then turn the salt off in sec.conf: > > [crypt] > salt = off > > so weechat doesn't re-salt everything all the time. > > It's not pretty, but works very well. > > [0] https://github.com/Tharre/dotfiles > > Regards, > > Tharre > > -- > PGP fingerprint: 42CE 7698 D6A0 6129 AA16 EF5C 5431 BDE2 C8F0 B2F4
signature.asc
Description: PGP signature
_______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
