browserpass: add support for totp, and auto-unlock the secrets store on first run
note that one needs to manually enable the TOTP setting in the browserpass settings for this to work -- TOTP parsing is disabled by default
parent
8b473ff88f
commit
bad4fe0e76
|
@ -1,7 +1,9 @@
|
||||||
{ pkgs
|
{ pkgs
|
||||||
, bash
|
, bash
|
||||||
, fetchFromGitea
|
, fetchFromGitea
|
||||||
|
, gnused
|
||||||
, lib
|
, lib
|
||||||
|
, sane-scripts
|
||||||
, sops
|
, sops
|
||||||
, stdenv
|
, stdenv
|
||||||
, substituteAll
|
, substituteAll
|
||||||
|
@ -13,7 +15,8 @@ let
|
||||||
version = "0.1.0";
|
version = "0.1.0";
|
||||||
src = ./.;
|
src = ./.;
|
||||||
|
|
||||||
inherit bash sops;
|
inherit bash gnused sops;
|
||||||
|
sane_scripts = sane-scripts;
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
mkdir -p $out/bin
|
mkdir -p $out/bin
|
||||||
substituteAll ${./sops-gpg-adapter} $out/bin/gpg
|
substituteAll ${./sops-gpg-adapter} $out/bin/gpg
|
||||||
|
|
|
@ -7,8 +7,13 @@ then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# ensure the secret store is unlocked
|
||||||
|
@sane_scripts@/bin/sane-secrets-unlock
|
||||||
|
|
||||||
# using exec here forwards our stdin
|
# using exec here forwards our stdin
|
||||||
# browserpass parses the response in
|
# browserpass parses the response in
|
||||||
# <browserpass-extension/src/background.js#parseFields>
|
# <browserpass-extension/src/background.js#parseFields>
|
||||||
# it cares about `key:value`, and ignores whatever doesn't fit that (or has an unknown key)
|
# it cares about `key:value`, and ignores whatever doesn't fit that (or has an unknown key)
|
||||||
exec @sops@/bin/sops --input-type yaml -d --output-type yaml --config /dev/null /dev/stdin
|
# browserpass understands the `totp` field to hold either secret tokens, or full URLs.
|
||||||
|
# i use totp-b32 for the base-32-encoded secrets. renaming that field works OOTB.
|
||||||
|
exec @sops@/bin/sops --input-type yaml -d --output-type yaml --config /dev/null /dev/stdin | @gnused@/bin/sed s/\^totp-b32:/totp:/
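Review bot: With the added `| @gnused@/bin/sed` stage the script's exit status becomes sed's, so a failed `sops -d` (for example when the store is still locked) would reach browserpass as success with empty output, unless `pipefail` is already set earlier in the file, which this hunk does not show. `exec` on the first stage of a pipeline runs only inside that stage's subshell and no longer replaces the script's shell, so the retained comment `# using exec here forwards our stdin` is now misleading; stdin reaches sops either way. I would add `set -o pipefail` above the pipeline (assuming the shebang is bash), drop `exec`, and quote the expression as `'s/^totp-b32:/totp:/'` instead of relying on `\^`. Separately, `@sane_scripts@/bin/sane-secrets-unlock` inherits this shim's stdin and stdout, so anything it reads or prints would consume the ciphertext or end up in the response browserpass parses; `@sane_scripts@/bin/sane-secrets-unlock </dev/null >&2 || exit 1` keeps both channels clean and stops on a failed unlock.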
|
||||||
|
|
|
@ -37,7 +37,7 @@
|
||||||
|
|
||||||
gocryptfs = prev.callPackage ./gocryptfs { pkgs = prev; };
|
gocryptfs = prev.callPackage ./gocryptfs { pkgs = prev; };
|
||||||
|
|
||||||
browserpass = prev.callPackage ./browserpass { pkgs = prev; };
|
browserpass = prev.callPackage ./browserpass { pkgs = prev; inherit sane-scripts; };
|
||||||
|
|
||||||
#### TEMPORARY: PACKAGES WAITING TO BE UPSTREAMED
|
#### TEMPORARY: PACKAGES WAITING TO BE UPSTREAMED
|
||||||
kaiteki = prev.callPackage ./kaiteki { };
|
kaiteki = prev.callPackage ./kaiteki { };
|
||||||
|
|