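#!/bin/bash
#
# Initializes various identity management programs
#
# Must be run with bash (or probably any other shell that is not narrowly
# posix-compliant): it relies on `set -o pipefail` and [[ ]].
#
# This is a very short script but may require some explanation as to its purpose.
#
# I use both KeePassXC and pass for password management. This may seem redundant, and in some
# aspects it probably is, but for me each program has a purpose that the other cannot fill
# completely. Pass is great for programmatic access of passwords because of its use of
# gpg-agent, and KeePassXC's integration with ssh-agent is very useful.
#
# This script first caches the passphrase for the GPG key which allows further use of the
# key without a prompt for a password - this of course applies to pass as well since it uses
# the gpg key. KeePassXC is then opened, which also adds the SSH keys to the ssh-agent.
#
# KeePassXC, pass, gpg-agent, and ssh-agent are then all initialized and ready to be
# used without any further user input, with just one set of credentials.

# Stop at the first failing step: a failed lookup must never result in an empty
# passphrase being preset in gpg-agent or handed to KeePassXC.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

readonly PRESET_TOOL=/usr/lib/gnupg/gpg-preset-passphrase
# Fall back to the XDG default so an unset XDG_CONFIG_HOME does not silently
# turn the database path into /keepassxc/Passwords.kdbx.
readonly DATABASE="${XDG_CONFIG_HOME:-$HOME/.config}/keepassxc/Passwords.kdbx"

[[ -x "$PRESET_TOOL" ]] || die "gpg-preset-passphrase not found at $PRESET_TOOL"
[[ -r "$DATABASE" ]] || die "KeePassXC database not readable: $DATABASE"

# Cache passphrase for gpg key in gpg-agent which is stored in KeePassXC
# Caching the GPG passphrase will allow access to pass without user input
#
# gpg-agent must be started with --allow-preset-passphrase or have it in the config file
# gpg-preset-passphrase respects gpg-agent's --max-cache-ttl option which defaults to 2 hours
# you may want to increase that if you want the password to be cached for the whole session

# Take the keygrip (field 10) of the last "grp" record. Matching on the record
# type in field 1 avoids picking up any other line that merely contains "grp"
# (a user ID, for example).
keygrip="$(gpg -K --with-keygrip --with-colons \
  | awk -F: '$1 == "grp" { grip = $10 } END { print grip }')"
[[ -n "$keygrip" ]] || die "no keygrip found in the secret keyring"

gpg_passphrase="$(keepassxc-cli show "$DATABASE" -a Password GPG)"
[[ -n "$gpg_passphrase" ]] || die "KeePassXC returned an empty GPG passphrase"

# printf is a builtin, so the secret never shows up in a process argument list.
# A pipe is used instead of a here-string because bash releases before 5.1
# write here-strings to a temporary file.
printf '%s\n' "$gpg_passphrase" | "$PRESET_TOOL" --preset "$keygrip"
unset gpg_passphrase

# Open graphical KeePassXC with password stored in pass, now that pass can be accessed
# without entering credentials for the GPG key
# This will also add SSH keys to ssh-agent
database_password="$(pass keepassxc)"
[[ -n "$database_password" ]] || die "pass returned an empty KeePassXC password"

printf '%s\n' "$database_password" | keepassxc "$DATABASE" --pw-stdin
unset database_password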