add pa edit
j3s j3s@c3f.net
Thu, 28 Jan 2021 13:06:21 -0600
1 files changed,
29 insertions(+),
2 deletions(-)
jump to
M
bin/pa
→
bin/pa
@@ -43,13 +43,36 @@ #
# Heredocs are sometimes implemented via temporary files, # however this is typically done using 'mkstemp()' which # is more secure than a leak in '/proc'. - pubkey=$(sed -n 's/.*\(age\)/\1/p' ~/.age/key.txt) age -r "$pubkey" -o "$name.age" <<-EOF && - $pass + $pass EOF printf '%s\n' "Saved '$name' to the store." } +pw_edit() { + name=$1 + + # we use /dev/shm because it's an in-memory + # space that we can use to store private data, + # and securely wipe it without worrying about + # residual badness + if [ ! -d /dev/shm ]; then + die "Failed to access /dev/shm" + fi + + mkdir -p /dev/shm/pa + trap 'rm -rf /dev/shm/pa' EXIT + tmpfile="/dev/shm/pa/$name.txt" + + "${EDITOR:-vi}" "$tmpfile" + + if [ ! -f $tmpfile ]; then + die "New password not saved" + fi + + age -r "$pubkey" -o "$name.age" "$tmpfile" +} + pw_del() { yn "Delete pass file '$1'?" && { rm -f "$1.age"@@ -132,6 +155,7 @@ usage() { printf %s "\
pa 0.1.0 - age-based password manager => [a]dd [name] - Create a new password, randomly generated => [d]el [name] - Delete a password entry. +=> [e]dit [name] - Edit a password entry with $EDITOR. => [l]ist - List all entries. => [s]how [name] - Show password for an entry. Password length: export PA_LENGTH=50@@ -176,6 +200,8 @@
glob "$2" '*/*' && { mkdir -p "${2%/*}" || die "Couldn't create category '${2%/*}'"; } + pubkey=$(sed -n 's/.*\(age\)/\1/p' ~/.age/key.txt) + # Restrict permissions of any new files to # only the current user. umask 077@@ -187,6 +213,7 @@
case $1 in a*) pw_add "$2" ;; d*) pw_del "$2" ;; + e*) pw_edit "$2" ;; s*) pw_show "$2" ;; l*) pw_list ;; *) usage