We want to be able to build using the latest Go version, the one that
most large distros ship (e.g. right now that is 1.24) and possibly older
versions.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Previously `gopass version` would always print an upgrade notice
when build from source even if there were no newer releases.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This commit adds capslock and govulncheck to help us identify
vulnerabilities and possible supply chain attacks through added
capacilities in dependencies. The signal for this repop is low since
we have to rely on a large number of direct filesystem access
and subprocess executions but it seems worth a try.
Fixes#3254
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* feat: Add cryptfs storage backend for filename encryption
This commit introduces a new storage backend called `cryptfs`. This backend encrypts the filenames of secrets to enhance privacy while maintaining compatibility with existing VCS backends like Git.
Key features:
- For each secret, a cryptographically secure hash (SHA-256) of its name is generated and used as the filename for the underlying storage.
- A mapping from the original secret name to the hashed filename is maintained in an encrypted file (`.gopass-mapping.age`) within the repository.
- The mapping file is encrypted using the `age` encryption backend, with recipients read from the store's `.age-recipients` file.
- The `cryptfs` backend is implemented as a wrapper around any existing storage backend (e.g., `gitfs`, `fs`), which can be configured by the user.
- The backend is registered with gopass and can be enabled by setting `storage: cryptfs` in the store's configuration.
This implementation addresses issue #2634.
* [fix] Fix lint errors
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [chore] Fix the remaining tests and add some docs.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
This change adds GoDoc comments to many of the public symbols in the
`pkg/` directory. It also includes various improvements to the
documentation in `README.md` and other markdown files in the `docs/`
directory.
This is a partial documentation effort, as requested by the user, to
get a pull request submitted quickly.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* feat: Clone remote on init
When a remote is provided to the init command, try to clone it first.
If the cloned repository is not empty, use it as the password store.
Otherwise, initialize a new password store.
* feat: Clone remote on setup
When a remote is provided to the setup command, try to clone it first.
If the cloned repository is not empty, use it as the password store.
Otherwise, initialize a new password store.
* [fix] Remove init during clone
When we clone a repo we never want to initialize it automatically.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
* feat: Add regression test for issue #2571
This commit adds a regression test for issue #2571. The issue describes a scenario where `gopass sync` incorrectly removes public keys for sub-stores under certain conditions.
The new integration test in `tests/sync_test.go` reproduces the steps outlined in the GitHub issue to ensure that the public key is not deleted after running `gopass sync`.
* [fix] Fix lint errors
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
* feat(age): Add unlock command to age agent
This change introduces a proper lock/unlock mechanism for the age agent.
The issue was that after locking the agent with `gopass age lock`, there was no way to unlock it without restarting the agent. This made the lock command mostly useless.
This change introduces a new `unlock` command for the agent and a `locked` state.
- The `lock` command now sets a `locked` flag to `true` in addition to clearing identities.
- The `decrypt` function in the agent now checks this `locked` flag and returns an error if the agent is locked.
- When the gopass client receives the "agent is locked" error, it will ask the user for their passphrase, reload the identities, and send them to the agent.
- A new `gopass age agent unlock` CLI command is added to trigger this new functionality.
- The `gopass age agent status` command is enhanced to report whether the agent is locked.
- The old top-level `gopass age lock` command is hidden, and a new `gopass age agent lock` command is introduced for consistency.
Fixes#3242
* feat(age): Add unlock command to age agent
This change introduces a proper lock/unlock mechanism for the age agent.
The issue was that after locking the agent with `gopass age lock`, there was no way to unlock it without restarting the agent. This made the lock command mostly useless.
This change introduces a new `unlock` command for the agent and a `locked` state.
- The `lock` command now sets a `locked` flag to `true` in addition to clearing identities.
- The `decrypt` function in the agent now checks this `locked` flag and returns an error if the agent is locked.
- When the gopass client receives the "agent is locked" error, it will ask the user for their passphrase, reload the identities, and send them to the agent.
- A new `gopass age agent unlock` CLI command is added to trigger this new functionality.
- The `gopass age agent status` command is enhanced to report whether the agent is locked.
- The old top-level `gopass age lock` command is hidden, and a new `gopass age agent lock` command is introduced for consistency.
I have also addressed the PR comment about the import alias. I have removed the alias and used a dot import instead to avoid the name collision.
Fixes#3242
* feat(age): Add unlock command to age agent
This change introduces a proper lock/unlock mechanism for the age agent.
The issue was that after locking the agent with `gopass age lock`, there was no way to unlock it without restarting the agent. This made the lock command mostly useless.
This change introduces a new `unlock` command for the agent and a `locked` state.
- The `lock` command now sets a `locked` flag to `true` in addition to clearing identities.
- The `decrypt` function in the agent now checks this `locked` flag and returns an error if the agent is locked.
- When the gopass client receives the "agent is locked" error, it will ask the user for their passphrase, reload the identities, and send them to the agent.
- A new `gopass age agent unlock` CLI command is added to trigger this new functionality.
- The `gopass age agent status` command is enhanced to report whether the agent is locked.
- The old top-level `gopass age lock` command is hidden, and a new `gopass age agent lock` command is introduced for consistency.
To avoid name collisions with the imported `filippo.io/age` package, the local `age` package has been renamed to `agecrypto`.
Fixes#3242
* feat(age): Add auto-lock feature to age agent
This change introduces an auto-lock feature for the age agent. The agent will now automatically lock itself after a configurable period of inactivity.
This change also includes the initial fix for issue #3242, which introduced a proper lock/unlock mechanism for the age agent.
- A new config option `age.agent-timeout` is added to specify the inactivity timeout in seconds.
- The agent now has a timer that is reset on every successful decryption operation.
- If the timer expires, the agent locks itself.
- A new `set-timeout` command is added to the agent protocol to configure the timeout.
- The gopass client sends the timeout to the agent when it starts or when it unlocks the agent.
- A new test `TestAgentAutoLock` is added to verify the new functionality.
To avoid name collisions with the imported `filippo.io/age` package, the local `age` package has been renamed to `agecrypto`.
Fixes#3242
* [fix] Fix lint issues
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
The move implementation would always try to commit, even if the caller
did set this to false.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
The reorg command was only listing top-level folders, which made it
difficult to move secrets in bulk. This change modifies the reorg
command to list all secrets recursively, one per line, with their full
name. This is achieved by changing the maxDepth parameter of the
Store.List call to -1, which signifies an infinite depth.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
This change improves the usability of the `gopass mounts add` command by making the `alias` argument optional.
If the `alias` is not provided, it is automatically derived from the base name of the provided path. This makes the command more intuitive to use, as users can now simply provide the path to the store they want to mount.
The help text for the command has also been updated to reflect this new usage pattern.
Fixes#2952
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
When using `gopass edit` with the fuzzy match feature the recipients
check might incorrectly target the root store when the actual secret
would be in a mount (and might have correct recpients).
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* feat: add reorg command for bulk secret reorganization
This commit introduces the `gopass reorg` command, which allows for bulk reorganization of secrets within a password store.
The command works by listing secrets in a temporary file, which the user can then edit in their default editor. After the editor is closed, gopass calculates the necessary moves, shows a diff for confirmation, and then executes the moves as a single commit.
This feature addresses issue #1866, providing a more efficient way to manage large password stores.
* feat: add reorg command for bulk secret reorganization
This commit introduces the `gopass reorg` command, which allows for bulk reorganization of secrets within a password store.
The command works by listing secrets in a temporary file, which the user can then edit in their default editor. After the editor is closed, gopass calculates the necessary moves, shows a diff for confirmation, and then executes the moves as a single commit.
This feature addresses issue #1866, providing a more efficient way to manage large password stores.
* feat: add reorg command for bulk secret reorganization
This commit introduces the `gopass reorg` command, which allows for bulk reorganization of secrets within a password store.
The command works by listing secrets in a temporary file, which the user can then edit in their default editor. After the editor is closed, gopass calculates the necessary moves, shows a diff for confirmation, and then executes the moves as a single commit.
This feature addresses issue #1866, providing a more efficient way to manage large password stores.
* feat: add reorg command for bulk secret reorganization
This commit introduces the `gopass reorg` command, which allows for bulk reorganization of secrets within a password store.
The command works by listing secrets in a temporary file, which the user can then edit in their default editor. After the editor is closed, gopass calculates the necessary moves, shows a diff for confirmation, and then executes the moves as a single commit.
This feature addresses issue #1866, providing a more efficient way to manage large password stores.
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* fix(gpg): Opportunistic key comparison on import
When importing keys gopass was already checking if the key was already present.
However, GPG is very flexible in which kind of key IDs it accepts. So it could happen that gopass would ask to import a key that is already present in the keyring, but referenced by a different ID.
This change makes the check more robust by checking the key's fingerprint before asking for import. If a key with the same fingerprint is already present, the import is skipped.
* fix(gpg): Opportunistic key comparison on import
When importing keys gopass was already checking if the key was already present.
However, GPG is very flexible in which kind of key IDs it accepts. So it could happen that gopass would ask to import a key that is already present in the keyring, but referenced by a different ID.
This change makes the check more robust by checking the key's fingerprint before asking for import. If a key with the same fingerprint is already present, the import is skipped.
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
This reverts commit a828cada8f19e946d7db785dd0abfd74caf06a82.
The change of mime-type (away from text/plain) of the clipped text that
this causes is problematic, and is not yet supported everywhere. A
change like this needs to be tested more thoroughly. See:
https://github.com/gopasspw/gopass/issues/3233
Signed-off-by: Daniel Lublin <daniel@lublin.se>
* feat: Allow to customize commit messages
This change introduces the ability for users to customize the commit
message when performing actions that modify the secret store.
It adds two new flags to the `edit`, `insert`, `generate`, `copy`,
`move`, and `delete` commands:
- `--commit-message` (`-m`): to specify the commit message directly.
- `--interactive-commit` (`-i`): to open an editor for the commit
message.
The default behavior of using a pre-defined commit message is
preserved.
* fix: Use correct commit message from context
This change fixes a bug where the commit message from the context was
not being used correctly in the `delete` function.
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
gopass is in fact compatible with pass (aka password-store.org)
and can be used as a drop-in replacement.
This commit adds a note about this to the README, the FAQ, and
the setup documentation. It also explains some of the differences
in features.
Fixes#3195
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
The handling of the `core.exportkeys` configuration setting was
inconsistent across the application.
In `internal/store/leaf/recipients.go`, the value was read using
`config.AsBoolWithDefault(..., true)`. This was introduced as a fix
for #2848 to ensure that public keys were exported by default, even
in substores.
However, other parts of the code, such as `internal/action/sync.go`,
used `config.AsBool(...)`. This resulted in different behaviors
depending on the gopass command being executed. For a substore without
the `core.exportkeys` key explicitly set, modifying recipients would
default to `true`, while a `gopass sync` would default to `false`.
This inconsistency is the likely cause of the user's report in issue
#3227 about the default value changing.
This change harmonizes the behavior by using `config.AsBool` in
`recipients.go`, making it consistent with the rest of the codebase
and the recommendation in AGENTS.md to use the `config.Bool` helper
(which uses `AsBool`).
While this may re-introduce the issue that #2848 aimed to solve (where
substores default to not exporting keys), it fixes the immediate problem
of inconsistent behavior. The root cause appears to be in how substores
inherit configuration, which should be addressed separately.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Most distributions do not package 1.25 yet and we do not rely on 1.25
features so far. Make sure to propagate the go.mod version and not the
Go version used to build/run in the postrel helper.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
