colin
bad4fe0e76
note that one needs to manually enable the TOTP setting in the browserpass settings for this to work -- TOTP parsing is disabled by default
20 lines
774 B
Bash
20 lines
774 B
Bash
#! @bash@/bin/sh
|
|
|
|
# browserpass "validates" the gpg binary by invoking it with --version
|
|
if [ "$1" = "--version" ]
|
|
then
|
|
echo "sane-browserpass-gpg @version@";
|
|
exit 0
|
|
fi
|
|
|
|
# ensure the secret store is unlocked
|
|
@sane_scripts@/bin/sane-secrets-unlock
|
|
|
|
# using exec here forwards our stdin
|
|
# browserpass parses the response in
|
|
# <browserpass-extension/src/background.js#parseFields>
|
|
# it cares about `key:value`, and ignores whatever doesn't fit that (or has an unknown key)
|
|
# browserpass understands the `totp` field to hold either secret tokens, or full URLs.
|
|
# i use totp-b32 for the base-32-encoded secrets. renaming that field works OOTB.
|
|
exec @sops@/bin/sops --input-type yaml -d --output-type yaml --config /dev/null /dev/stdin | @gnused@/bin/sed s/\^totp-b32:/totp:/
|