#!/bin/bash
#
# Initializes various identity management programs
#
# Must be run with bash (or probably any other shell that is not narrowly posix-compliant)
# to use here-string redirection
#
# This is a very short script but may require some explanation as to its purpose.
#
# I use both KeePassXC and pass for password management. This may seem redundant, and in some
# aspects it probably is, but for me each program has a purpose that the other cannot fill
# completely. Pass is great for programmatic access of passwords because of its use of
# gpg-agent, and KeePassXC's integration with ssh-agent is very useful.
#
# This script first caches the passphrase for the GPG key which allows further use of the
# key without a prompt for a password - this of course applies to pass as well since it uses
# the gpg key. KeePassXC is then opened, which also adds the SSH keys to the ssh-agent.
#
# KeePassXC, pass, gpg-agent, and ssh-agent are then all initialized and ready to be
# used without any further user input, with just one set of credentials.
# Cache passphrase for gpg key in gpg-agent which is stored in KeePassXC
# Caching the GPG passphrase will allow access to pass without user input
#
# gpg-agent must be started with --allow-preset-passphrase or have it in the config file
# gpg-preset-passphrase respects gpg-agent's --max-cache-ttl option which defaults to 2 hours
# you may want to increase that if you want the password to be cached for the whole session
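# Resolve the database path once. Fall back to the XDG default when XDG_CONFIG_HOME is
# unset so the path cannot collapse to /keepassxc/Passwords.kdbx.
kdbx="${XDG_CONFIG_HOME:-$HOME/.config}/keepassxc/Passwords.kdbx"
preset_bin=/usr/lib/gnupg/gpg-preset-passphrase

# Keygrip of the last "grp" record gpg prints. Matching on the record-type field keeps a
# uid or other field that merely contains the text "grp" from being picked up.
KEYGRIP="$(gpg -K --with-keygrip --with-colons \
  | awk -F: '$1 == "grp" { grip = $10 } END { print grip }')"

# Preset the GPG passphrase only when every step succeeded, so an empty or partial value
# is never handed to gpg-agent. On failure the script carries on and pass falls back to
# gpg-agent's normal pinentry prompt.
# NOTE(review): bash releases before 5.1 back here-strings with a temporary file, so the
# passphrase may briefly exist under $TMPDIR there - confirm for the bash in use.
if [[ -z "$KEYGRIP" ]]; then
  printf 'warning: no keygrip found, GPG passphrase not cached\n' >&2
elif ! gpg_passphrase="$(keepassxc-cli show "$kdbx" -a Password GPG)" \
  || [[ -z "$gpg_passphrase" ]]; then
  printf 'warning: could not read the GPG entry from %s, passphrase not cached\n' "$kdbx" >&2
elif ! "$preset_bin" --preset "$KEYGRIP" <<< "$gpg_passphrase"; then
  printf 'warning: %s failed, passphrase not cached\n' "$preset_bin" >&2
fi
# Drop the shell's copy of the secret as soon as it is no longer needed.
unset gpg_passphrase

# Open graphical KeePassXC with password stored in pass, now that pass can be accessed
# without entering credentials for the GPG key
# This will also add SSH keys to ssh-agent
if kdbx_password="$(pass keepassxc)" && [[ -n "$kdbx_password" ]]; then
  keepassxc "$kdbx" --pw-stdin <<< "$kdbx_password"
else
  # Without a password from pass, let KeePassXC show its own unlock dialog instead of
  # feeding it an empty string on stdin.
  printf 'warning: pass did not return the KeePassXC password, opening without --pw-stdin\n' >&2
  keepassxc "$kdbx"
fi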