Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support multiple stores natively #118

Open
lasers opened this issue Apr 20, 2022 · 8 comments
Open

Support multiple stores natively #118

lasers opened this issue Apr 20, 2022 · 8 comments

Comments

@lasers
Copy link

lasers commented Apr 20, 2022

General information

Make browserpass support multiple stores?

I wanted to know if browserpass should be supporting multiple stores too without having to add each store manually in the extension. If I set PASSWORD_STORE_DIR or use any store path (i.e ~/.local/share/gopass/stores), then the extension should be able to pick up secrets in all stores.

https://github.com/gopasspw/gopass/blob/master/docs/features.md#multiple-stores

  • Operating system + version: NixOS
  • Browser + version: Firefox 99.0.1
  • Information about the host app:
    • How did you install it? Package manager.
    • If installed an official release, put a version ($/ browserpass --version): Na.
    • If built from sources, put a commit id ($ git describe --always): Na.
  • Information about the browser extension:
    • How did you install it? Firefox Addons.
    • Browserpass extension version as reported by your browser: 3.7.2

If you are getting an error immediately after opening popup, have you followed the Configure browsers documentation section?


Exact steps to reproduce the problem

Na.

What should happen?

  1. Set PASSWORD_STORE_DIR or specify a multi-stores path.

  2. Browserpass to pick up secrets in all stores.

  3. Enter any secrets.

What happened instead?

  1. Browserpass doesn't recognize the multi-stores path.
@maximbaz
Copy link
Member

maximbaz commented Apr 20, 2022

Hello, the extension doesn't have a coupling to gopass or any specific implementation or variation of password store, we do respect $PASSWORD_STORE_DIR environment variable (which allows only for one location), but don't support or rely specifically on gopass and its structure.

That's why if you have multiple stores, you need to use browser extension config, but on the other hand it allows to have complete freedom, you to have multiple stores even if you use plain pass (just define them as subfolders of your $PASSWORD_STORE_DIR, or have one store point to pass and another to gopass locations, etc.

UPDATE: you might have hit this caveat: in order to recognize PASSWORD_STORE_DIR environment variable, this variable needs to be exported for the browser to see, so it needs to be visible for all GUI apps, not just in your terminal - so e.g. putting it into your .zshrc is often not enough. I'm not very sure how you'd do it on NixOS to give you a more concrete hint...

@erayd
Copy link
Collaborator

erayd commented Apr 20, 2022

@maximbaz Is there anything preventing $PASSWORD_STORE_DIR from containing multiple locations, using the standard $PATH syntax?

If there's nothing in the way, it might be worth us parsing that - seems like a pretty simple thing to add, and quite useful.

@maximbaz
Copy link
Member

pass doesn't seem to like that format, chances are people who set this variable would also be using pass...

@erayd
Copy link
Collaborator

erayd commented Apr 20, 2022

Let's not, then. We don't want to encourage anything that would cause pass incompatibilities.

@lasers
Copy link
Author

lasers commented Apr 21, 2022

There could be an upstream tweak to accept only the first supplied store.

@maximbaz
Copy link
Member

Realistically I don't think it's something we'll be pursuing, but you are welcome to try to do this. We could potentially support our own environment variable, but then again I'm not really sure how much benefit is in it, if you have to configure it in one place and only one tool supports this configuration, it is far easier for people to configure it in browser extension options...

@fetwar
Copy link

fetwar commented Nov 20, 2023

Could browserpass potentially look at the gopass config and parse it as extra stores similar to how you would manually through the browserpass extension menu?

For example, if a user has their root store at ~/.password-store and an additional gopass mount at ~/.password-store-work the following file is created at ~/.password-store/.config/gopass/config

[mounts]
	path = /home/username/.password-store
[recipients]
	hash = xxxxx
[recipients "work"]
	hash = xxxxx
[mounts "work"]
	path = /home/username/.password-store-work

This would provide both the mounts display name (in this case work) and the mounts path to be added.

The main advantage of doing this would be for team compatibility and auto setup, it wouldn't be a lot of work to go into the browser extension on just your PC, but having to do it for every member on a team would make it a big headache when this step could potentially be automated.


What are your thoughts @maximbaz ?

@maximbaz
Copy link
Member

Hello, thanks for bringing this up!

I acknowledge that the setup shouldn't be unnecessarily complicated. I think it's important to mention some constraints that we chose for this project:

  1. Not relying on any specific password-store client (not gopass, not even pass itself).
  2. Staying compatible with password-store format.
  3. Offloading most of the logic to browser extension.

Making native host parse gopass config file would violate the first point (e.g. it would make us dependent on the gopass, if they for example choose to change config file format), and open up for requests to also support other clients (which would conflict with the third point). This makes me not super-keen on the idea...

But perhaps we can still improve your workflow? What do you think about doing something on the browser side?

Here's what I'm thinking: configuration in the browser extension is a simple json, stored in local storage. What if we were to add some kind of Backup/Restore functionality in the extension options? Then you could have some script that converts gopass config to browserpass config, and upload it via "Restore". Not exactly an auto-setup, but if you have a lot of stores, it would reduce the setup to a few clicks?

(A certain language model is convincing me that it's possible to manipulate local storage of an extension from a python script, though I don't know if we should trust it, and whether I'd go down that hacky road even if it was technically possible 😅)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

4 participants