diff options
Diffstat (limited to '.local/bin/id-init')
-rwxr-xr-x | .local/bin/id-init | 40 |
1 files changed, 9 insertions, 31 deletions
diff --git a/.local/bin/id-init b/.local/bin/id-init index 11221c3..72f8cbe 100755 --- a/.local/bin/id-init +++ b/.local/bin/id-init | |||
@@ -1,31 +1,9 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/sh |
2 | # | 2 | |
3 | # Initalizes various identity management programs | 3 | tmpfile="$(mktemp)" |
4 | # | 4 | chmod 700 $tmpfile |
5 | # Must be run with bash (or probably any other shell that is not narrowly posix-compliant) | 5 | echo "pass ssh" > $tmpfile |
6 | # to use here-string redirection | 6 | export SSH_ASKPASS="$tmpfile" |
7 | 7 | export SSH_ASKPASS_REQUIRE="force" | |
8 | # Cache passphrase for gpg key in gpg-agent which is stored in KeePassXC | 8 | ssh-add |
9 | # Caching the GPG passphrase will allow access to pass without user input | 9 | rm $tmpfile |
10 | # | ||
11 | # gpg-agent must be started with --allow-preset-passhprase or have it in the config file | ||
12 | # gpg-preset-passphrase respects gpg-agent's --max-cache-ttl option which defaults to 2 hours | ||
13 | # you may want to increase that if you want the password to be cached for the whole session | ||
14 | |||
15 | get_pass() { | ||
16 | continue=1 | ||
17 | while [ $continue -eq 1 ] | ||
18 | do | ||
19 | keepassxc-cli show $XDG_CONFIG_HOME/keepassxc/Passwords.kdbx -a Password GPG | ||
20 | continue=$? | ||
21 | done | ||
22 | } | ||
23 | |||
24 | KEYGRIP="$(gpg -K --with-keygrip --with-colons | grep grp | tail -n 1 | cut -d':' -f10)" | ||
25 | /usr/lib/gnupg/gpg-preset-passphrase --preset $KEYGRIP <<< "$(get_pass)" | ||
26 | |||
27 | # Open graphical KeePassXC with password stored in pass, now that pass can be accessed | ||
28 | # without entering credentials for the GPG key | ||
29 | # This will also add SSH keys to ssh-agent | ||
30 | |||
31 | keepassxc $XDG_CONFIG_HOME/keepassxc/Passwords.kdbx --pw-stdin <<< "$(pass keepassxc)" | ||