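#!/bin/bash
#
# Initializes various identity management programs
#
# Must be run with bash (uses `local`, `[[ ]]`, `pipefail` and C-style loops).
#
# Step 1: cache the passphrase of the GPG key in gpg-agent. The passphrase is
#         stored in KeePassXC (entry "GPG"). Caching it allows access to pass
#         without user input.
# Step 2: open graphical KeePassXC with the database password stored in pass.
#
# gpg-agent must be started with --allow-preset-passphrase or have it in the
# config file.
# gpg-preset-passphrase respects gpg-agent's --max-cache-ttl option, which
# defaults to 2 hours; you may want to increase that if you want the password
# to be cached for the whole session.
#
# Security notes:
#   * While the passphrase is cached, any process that can reach this user's
#     gpg-agent socket can use the key without a prompt; pick --max-cache-ttl
#     with that exposure window in mind.
#   * Secrets are handed to child processes on stdin through the `printf`
#     builtin, so they never appear in another process's argv. Older bash
#     releases implement here-strings with a temporary file, which is why a
#     pipe is used instead of `<<<`.
#   * Do not run this script with `set -x` / `bash -x`: the trace would print
#     both secrets to stderr.

set -o pipefail

# XDG_CONFIG_HOME falls back to ~/.config when unset, per the XDG base
# directory spec; without the fallback the path would resolve under "/".
readonly KDBX="${XDG_CONFIG_HOME:-$HOME/.config}/keepassxc/Passwords.kdbx"
readonly PRESET_BIN=/usr/lib/gnupg/gpg-preset-passphrase
readonly MAX_ATTEMPTS=3

#######################################
# Print a diagnostic to stderr.
# Arguments: $* - message
#######################################
warn() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
}

#######################################
# Read the "Password" attribute of the "GPG" entry from the KeePassXC
# database, re-prompting when unlocking fails (e.g. mistyped password).
# The retry count is bounded so that a missing binary or database cannot
# spin forever.
# Globals:   KDBX (read), MAX_ATTEMPTS (read)
# Outputs:   the GPG passphrase on stdout
# Returns:   0 on success, 1 once all attempts have failed
#######################################
get_pass() {
  local attempt
  for ((attempt = 1; attempt <= MAX_ATTEMPTS; attempt++)); do
    keepassxc-cli show "$KDBX" -a Password GPG && return 0
  done
  return 1
}

#######################################
# Preset the GPG key passphrase in gpg-agent.
# Globals:   KDBX, PRESET_BIN (read)
# Returns:   0 when the passphrase was handed to gpg-agent, 1 otherwise
#######################################
preset_gpg_passphrase() {
  local keygrip passphrase

  if ! command -v keepassxc-cli >/dev/null; then
    warn "keepassxc-cli not found in PATH"
    return 1
  fi
  if [[ ! -r "$KDBX" ]]; then
    warn "KeePassXC database not readable: $KDBX"
    return 1
  fi
  if [[ ! -x "$PRESET_BIN" ]]; then
    warn "gpg-preset-passphrase not executable: $PRESET_BIN"
    return 1
  fi

  # Match only real "grp" records (field 1) instead of any line containing
  # the substring "grp", and keep field 10 of the last one listed.
  # NOTE(review): "last keygrip listed" is whatever key/subkey gpg prints
  # last; confirm that is the key pass decrypts with.
  keygrip=$(gpg -K --with-keygrip --with-colons \
    | awk -F: '$1 == "grp" { kg = $10 } END { print kg }')
  if [[ -z "$keygrip" ]]; then
    warn "no keygrip found in the secret keyring"
    return 1
  fi

  if ! passphrase=$(get_pass) || [[ -z "$passphrase" ]]; then
    warn "could not read the GPG passphrase from KeePassXC"
    return 1
  fi

  # printf is a builtin: the passphrase goes down a pipe, not through argv.
  if ! printf '%s\n' "$passphrase" | "$PRESET_BIN" --preset "$keygrip"; then
    warn "gpg-preset-passphrase failed (is --allow-preset-passphrase set?)"
    return 1
  fi
}

#######################################
# Open graphical KeePassXC with the password stored in pass, now that pass
# can be accessed without entering credentials for the GPG key.
# This will also add SSH keys to ssh-agent.
# Falls back to KeePassXC's own unlock dialog when pass yields nothing.
# Globals:   KDBX (read)
#######################################
open_keepassxc() {
  local db_password

  if db_password=$(pass keepassxc) && [[ -n "$db_password" ]]; then
    printf '%s\n' "$db_password" | keepassxc "$KDBX" --pw-stdin
  else
    warn "pass returned no KeePassXC password; unlock the database manually"
    keepassxc "$KDBX"
  fi
}

main() {
  # Best effort: if presetting fails, pass will fall back to prompting.
  preset_gpg_passphrase \
    || warn "GPG passphrase not cached; pass may prompt for it"
  open_keepassxc
}

main "$@"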