2022-10-26 14:13:55 +00:00
|
|
|
#! @bash@/bin/sh
|
|
|
|
|
|
|
|
# browserpass "validates" the gpg binary by invoking it with --version
|
|
|
|
if [ "$1" = "--version" ]
|
|
|
|
then
|
|
|
|
echo "sane-browserpass-gpg @version@";
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
|
2022-11-01 06:57:47 +00:00
|
|
|
# ensure the secret store is unlocked
|
2023-06-07 07:47:55 +00:00
|
|
|
@sane_secrets_unlock@/bin/sane-secrets-unlock
|
2022-11-01 06:57:47 +00:00
|
|
|
|
2022-10-26 14:13:55 +00:00
|
|
|
# using exec here forwards our stdin
|
|
|
|
# browserpass parses the response in
|
|
|
|
# <browserpass-extension/src/background.js#parseFields>
|
|
|
|
# it cares about `key:value`, and ignores whatever doesn't fit that (or has an unknown key)
|
2022-11-01 06:57:47 +00:00
|
|
|
# browserpass understands the `totp` field to hold either secret tokens, or full URLs.
|
|
|
|
# i use totp-b32 for the base-32-encoded secrets. renaming that field works OOTB.
|
|
|
|
exec @sops@/bin/sops --input-type yaml -d --output-type yaml --config /dev/null /dev/stdin | @gnused@/bin/sed s/\^totp-b32:/totp:/
|