-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for passage #127
Comments
Hello! Thanks for the link, interesting project! An honest answer is that I don't know whether we want to support it, we did design browserpass with I do agree that there's no doubt that it's possible to introduce the support without breaking changes, I'm just wondering if we should first see more interest from the community to use Finally if we go ahead with this, it is worth to consider generalizing this entire code instead of having hardcoded support for two specific tools - we are striving to have as few releases for |
Makes sense. To generalize it, as it works now, we would only really need to make the decryption arguments and the file extension configurable, in addition to the already configurable decryption program and store path. One thing to consider is that making the arguments fully configurable would mean giving the browser extension (or anything capable of writing to the extension's local storage) arbitrary code execution capabilities. Another option could be to support configuring a |
|
i'm about to apply a similar patch as Sebastian. my own store uses Mozilla's browserpass' anyway, count me in for both:
and, more preferably,
in the meantime, is there any pluggable browser password filler i should look into? or is my best bet to locally patch browserpass? edit: here's my hack to get browserpass speaking to |
Thanks to all of you who express support for age and share your usecases, I feel like I'm sold on the idea to generalize browserpass in terms of extensions and decryption commands. Is anyone up for creating a PR? I think we can strive for not breaking existing setups and at the same time allow configuring what is necessary to make configurable to support age, without hardcoding things for new tools. We tend to prefer to release native component as less frequent as possible, and there's already another PR in active development which requires changes in native host, it would be ideal to include the support for age in the same version, i.e. in the next release. |
One thought, would we want it to be globally configured as the gpgPath is now, or per-store? I could imagine some people may want to run different kinds of stores simultaneously. |
Per-store makes sense, in fact I can see an inconsistency in this repo docs and in extension docs, where the latter seems to suggest it already is per store. I can't recall at the moment what is right, but we should definitely align the docs. |
@maximbaz i could whip something up that introduces some configurable interface between browserpass-native and the thing actually listing/fetching passwords. to do this right i think i'll also have to make a small (hopefully) change to the browserpass-extension so that it doesn't forcibly append i'd be inclined to introduce two user-facing settings: one which names a command to run for listing secrets ("list_command"), and another to load them from disk and decrypt them ("fetch_command"). browserpass-native would just i can hammer that out & we reconcile the minor stuff during PR time if that sounds reasonable enough, or we can hash out the details in advance if you're particular about this. is there some chatroom you or other devs around here use to coordinate? |
Thanks for your offer and willingness to help!
This would be the best place I think 👍
Correct, although it shouldn't be too hard, the real "origin" of where the file extension is being hardcoded to
We should also at least think about
I think it's a reasonable proposal, I have some initial suggestions, none seem to be conflicting with your vision:
I'm not sure if we necessarily want cc @erayd, if you want to share some thoughts on this feature request? |
@maximbaz I'm open to it, but would prefer it to happen after the MV3 migration. We're on a deadline for that, which is approaching far too quickly, and this isn't the only extension I need to migrate. Could we revisit this after that is done?
Happy with this, but we should allow the extension to pass a list of exclusions (if we don't already; IIRC I think we already made that a feature). Skipping stuff like the Something else to consider is that, if we're allowing more backends, we may want to also allow the host to simply call plugin binaries. Some backends may do things like encrypting file & folder names, and trying to natively handle all that is probably not the greatest idea. Allowing the native host to call out to some other configured binary that will provide listings & content is probably better IMO. Plus that way implementations can update their own stuff independently of our own native host, and still maintain compatibility.
I agree. Keep it external. |
Sure thing 👍
I'm not sure that we have it right now, I think we simply glob recursively for a hardcoded
Yeah! I think it's what we also had in mind with Although now that I think about, my idea to avoid having to configure file extension and instead extract it from file entry wouldn't work, as we'd have to know the extension already on the |
…uming .gpg this is in support of <browserpass/browserpass-native#127>. this has immediate benefit for anyone using the patches shared in that PR today. without this, browserpass doesn't recognize `github.aaakk.us.kg.age` as a default key for `https://github.com`, because it fails the substring match. by stripping the extension -- whatever it is -- both `github.aaakk.us.kg.gpg` and `github.aaakk.us.kg.age` are recognized as keys for their intended domain.
…uming .gpg this is in support of <browserpass/browserpass-native#127>. this has immediate benefit for anyone using the patches shared in that PR today. without this, browserpass doesn't recognize `github.aaakk.us.kg.age` as a default key for `https://github.com`, because it fails the substring match. by stripping the extension -- whatever it is -- both `github.aaakk.us.kg.gpg` and `github.aaakk.us.kg.age` are recognized as keys for their intended domain.
…uming .gpg this is in support of <browserpass/browserpass-native#127>. this has immediate benefit for anyone using the patches shared in that PR today. without this, browserpass doesn't recognize `github.aaakk.us.kg.age` as a default key for `https://github.com`, because it fails the substring match. by stripping the extension -- whatever it is -- both `github.aaakk.us.kg.gpg` and `github.aaakk.us.kg.age` are recognized as keys for their intended domain.
…uming .gpg (#312) this is in support of <browserpass/browserpass-native#127>. this has immediate benefit for anyone using the patches shared in that PR today. without this, browserpass doesn't recognize `github.aaakk.us.kg.age` as a default key for `https://github.com`, because it fails the substring match. by stripping the extension -- whatever it is -- both `github.aaakk.us.kg.gpg` and `github.aaakk.us.kg.age` are recognized as keys for their intended domain.
Does browserpass want to add support for passage?
Passage is mostly similar to pass. The only difference is the actual data files are put in an extra subdirectory in the store (
~/.passage/store
), the file extension is different, and the command to decrypt is different. I fairly easily managed to get browserpass working with passage just by hacking the host application (sebastianblunt@dd761ea).For proper support, I figure we could have two types of custom stores. Add an extra
kind
field to the store configuration (with a value of eithergpg
orage
, if field is missing it defaults togpg
). Then just add an extra global optionagePath
(corresponding togpgPath
). Keep the default store using gpg and require passage users to set up a custom age store.Any thoughts? Would PRs for this be accepted?
The text was updated successfully, but these errors were encountered: