* feat(age): Add unlock command to age agent
This change introduces a proper lock/unlock mechanism for the age agent.
The issue was that after locking the agent with `gopass age lock`, there was no way to unlock it without restarting the agent. This made the lock command mostly useless.
This change introduces a new `unlock` command for the agent and a `locked` state.
- The `lock` command now sets a `locked` flag to `true` in addition to clearing identities.
- The `decrypt` function in the agent now checks this `locked` flag and returns an error if the agent is locked.
- When the gopass client receives the "agent is locked" error, it will ask the user for their passphrase, reload the identities, and send them to the agent.
- A new `gopass age agent unlock` CLI command is added to trigger this new functionality.
- The `gopass age agent status` command is enhanced to report whether the agent is locked.
- The old top-level `gopass age lock` command is hidden, and a new `gopass age agent lock` command is introduced for consistency.
Fixes#3242
* feat(age): Add unlock command to age agent
This change introduces a proper lock/unlock mechanism for the age agent.
The issue was that after locking the agent with `gopass age lock`, there was no way to unlock it without restarting the agent. This made the lock command mostly useless.
This change introduces a new `unlock` command for the agent and a `locked` state.
- The `lock` command now sets a `locked` flag to `true` in addition to clearing identities.
- The `decrypt` function in the agent now checks this `locked` flag and returns an error if the agent is locked.
- When the gopass client receives the "agent is locked" error, it will ask the user for their passphrase, reload the identities, and send them to the agent.
- A new `gopass age agent unlock` CLI command is added to trigger this new functionality.
- The `gopass age agent status` command is enhanced to report whether the agent is locked.
- The old top-level `gopass age lock` command is hidden, and a new `gopass age agent lock` command is introduced for consistency.
I have also addressed the PR comment about the import alias. I have removed the alias and used a dot import instead to avoid the name collision.
Fixes#3242
* feat(age): Add unlock command to age agent
This change introduces a proper lock/unlock mechanism for the age agent.
The issue was that after locking the agent with `gopass age lock`, there was no way to unlock it without restarting the agent. This made the lock command mostly useless.
This change introduces a new `unlock` command for the agent and a `locked` state.
- The `lock` command now sets a `locked` flag to `true` in addition to clearing identities.
- The `decrypt` function in the agent now checks this `locked` flag and returns an error if the agent is locked.
- When the gopass client receives the "agent is locked" error, it will ask the user for their passphrase, reload the identities, and send them to the agent.
- A new `gopass age agent unlock` CLI command is added to trigger this new functionality.
- The `gopass age agent status` command is enhanced to report whether the agent is locked.
- The old top-level `gopass age lock` command is hidden, and a new `gopass age agent lock` command is introduced for consistency.
To avoid name collisions with the imported `filippo.io/age` package, the local `age` package has been renamed to `agecrypto`.
Fixes#3242
* feat(age): Add auto-lock feature to age agent
This change introduces an auto-lock feature for the age agent. The agent will now automatically lock itself after a configurable period of inactivity.
This change also includes the initial fix for issue #3242, which introduced a proper lock/unlock mechanism for the age agent.
- A new config option `age.agent-timeout` is added to specify the inactivity timeout in seconds.
- The agent now has a timer that is reset on every successful decryption operation.
- If the timer expires, the agent locks itself.
- A new `set-timeout` command is added to the agent protocol to configure the timeout.
- The gopass client sends the timeout to the agent when it starts or when it unlocks the agent.
- A new test `TestAgentAutoLock` is added to verify the new functionality.
To avoid name collisions with the imported `filippo.io/age` package, the local `age` package has been renamed to `agecrypto`.
Fixes#3242
* [fix] Fix lint issues
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
* This change introduces an agent for the age backend to cache passphrases for age identities.
The agent is a long-running process that listens on a Unix domain socket. Gopass communicates with the agent to request decryption of secrets. The agent caches the passphrases for the identities and performs the decryption, so the passphrases never leave the agent process. This addresses the security concerns with the initial implementation.
The agent can be controlled with the following commands:
- `gopass age agent`: starts the agent in the foreground.
- `gopass age lock`: locks the agent, clearing all cached passphrases.
The age backend will automatically start the agent if it's not already running and the `age.agent-enabled` configuration option is set to `true` (the default).
This change includes:
- The implementation of the age agent in `internal/backend/crypto/age/agent/`.
- Modifications to the age backend to communicate with the agent.
- A new configuration option `age.agent-enabled`.
- Unit tests for the agent.
- Updated documentation for the age backend.
The integration test for this feature (`TestAgeAgent`) is currently failing. The issue is that the test environment is non-interactive, and the code path for initializing a new age store requires a password for the identity keyring, which triggers a `pinentry` call that fails without a TTY. I have tried several approaches to work around this, including setting the `GOPASS_PASSWORD` environment variable and providing a custom pinentry script, but none have been successful so far. The core implementation of the agent is believed to be correct, but the integration test needs further work to run in a non-interactive environment.
* This change introduces an agent for the age backend to cache passphrases for age identities.
The agent is a long-running process that listens on a Unix domain socket. Gopass communicates with the agent to request decryption of secrets. The agent caches the passphrases for the identities and performs the decryption, so the passphrases never leave the agent process. This addresses the security concerns with the initial implementation.
The agent can be controlled with the following commands:
- `gopass age agent`: starts the agent in the foreground.
- `gopass age lock`: locks the agent, clearing all cached passphrases.
The age backend will automatically start the agent if it's not already running and the `age.agent-enabled` configuration option is set to `true` (the default).
This change includes:
- The implementation of the age agent in `internal/backend/crypto/age/agent/`.
- Modifications to the age backend to communicate with the agent.
- A new configuration option `age.agent-enabled`.
- Unit tests for the agent.
- Updated documentation for the age backend.
* This change introduces an agent for the age backend to cache passphrases for age identities.
The agent is a long-running process that listens on a Unix domain socket. Gopass communicates with the agent to request decryption of secrets. The agent caches the passphrases for the identities and performs the decryption, so the passphrases never leave the agent process. This addresses the security concerns with the initial implementation.
The agent can be controlled with the following commands:
- `gopass age agent`: starts the agent in the foreground.
- `gopass age lock`: locks the agent, clearing all cached passphrases.
The age backend will automatically start the agent if it's not already running and the `age.agent-enabled` configuration option is set to `true` (the default).
This change includes:
- The implementation of the age agent in `internal/backend/crypto/age/agent/`.
- Modifications to the age backend to communicate with the agent.
- A new configuration option `age.agent-enabled`.
- Unit tests for the agent.
- Updated documentation for the age backend.
* This change introduces an agent for the age backend to cache passphrases for age identities.
The agent is a long-running process that listens on a Unix domain socket. Gopass communicates with the agent to request decryption of secrets. The agent caches the passphrases for the identities and performs the decryption, so the passphrases never leave the agent process. This addresses the security concerns with the initial implementation.
The agent can be controlled with the following commands:
- `gopass age agent`: starts the agent in the foreground.
- `gopass age lock`: locks the agent, clearing all cached passphrases.
The age backend will automatically start the agent if it's not already running and the `age.agent-enabled` configuration option is set to `true` (the default).
This change includes:
- The implementation of the age agent in `internal/backend/crypto/age/agent/`.
- Modifications to the age backend to communicate with the agent.
- A new configuration option `age.agent-enabled`.
- Unit tests for the agent.
- Updated documentation for the age backend.
* Fix some test failures and add more logging.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Fix lint error
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Fix integration tests
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
We have some strange test failures on Windows and I can not identify any
root cause in this repo. It does look like either a Go or a GHA Windows
builder regression and I currently don't have the resources to properly
debug those. If you care about Windows, please help. Otherwise I have
to turn these off for now to unblock PR which are perfectly find on
other platforms.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* feat: handle referencing in passwords
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* feat: use seq over slice to improve performance
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* feat: handle error during reference following
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* feat: provide a flag for not following references
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* feat: disable ref following on edit and remove the flag
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* feat: provide a configuration for follow-references
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* fix: correct configuration tests
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* fix: correct tests and document the new flag
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* fix: correct integration test
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* fix: correct tests
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
---------
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* add gitconfig extension from include
feature for #2458
RELEASE_NOTES=[FEATURE] Add support for gitconfig include
Signed-off-by: Sergei Suslov <sergey.suslov.nsk@gmail.com>
* use t.Setenv instead of os.Setenv, comment log
RELEASE_NOTES=n/a
Signed-off-by: Sergei Suslov <sergey.suslov.nsk@gmail.com>
* [fix] Fix writing merged configs
We must not write the content of the merged config to the base config.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [chore] Classify license
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Fix lint issues and one test
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Fix one failing test on Windows as a workaround
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Ignore two tests on windows
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Sergei Suslov <sergey.suslov.nsk@gmail.com>
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: Sergei Suslov <sergey.suslov.nsk@gmail.com>
The experimental functions are now available in the standard library
in Go 1.23 [1].
[1]: https://go.dev/doc/go1.23#new-unique-package
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* [fix] Pass remote, if given, to local init as well
This should cover the case when creating a new team with
an existing remote.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Remote some noisy logging and correctly handle the passed remote
location.
Please note that the current implmentation will only work if the remote
is fully empty (i.e. git init --bare, nothing more). If you need to
work with a non-empty remote use gopass clone for the time being.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [bugfix] Fix loading of git configs
The gitconfig package was incorrectly using gopass specific
locations when trying to load global (per user) git configs.
This change makes it use the correct locations.
Fixes#2686
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Fix typo
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Fix linter issues
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Fix failing tests
Those started to fail because we are now correctly reading
global git configs.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [bugfix] Default to true for core.exportkeys even in substores
This PR changes the default for core.exportkeys from false to true
in mounted substores to match the default of the global root store.
It also refactors and simplifies the config package a little bit
by removing special typed lookup methods and replacing them with
conversion helpers that can be applied to any string.
Fixes#2830
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Fix config tests
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [CLEANUP] Moving options to the correct config section
This adds an easy migration path to our config handling, which should
allow us to migrate option names around much more easily in the future.
Any system level config or env variables options are not migrated.
This also fixes a bug in our test code, where the root mount path was
not properly set in our config, because we used "path:" instead of
"path=" to set it.
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
* [DOCUMENTATION] Document legacy options and their migration path
This also makes sure that legacy options aren't used in the code anymore using the docs test and its regexp
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
* [n/a] Removing weird spaces from changelog
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
* [DOCUMENTATION] Reformatting our Markdown tables properly
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
* [TESTING] Patching a timezone bug in tests
This is a fun one where if your Timezone isn't UTC and you are past midnight but it's not past midnight UTC, the tests would fail because you're not using the right date to validate it.
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
* [n/a] Fix a typo and use the correct Env variables in the doc about the custom Env variables
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
* [BREAKING] Custom Env options moved from GOPASS_CONFIG_CONFIG_KEY_i to GOPASS_CONFIG_KEY_i
As discussed in #2617, this actually reflects the way GIT_CONFIG works.
It also fixes a potential Panic in our codebase when IsSet was called
without any Preset config on a non-existing key.
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
* [CLEANUP] Patching all of the new linter complaints
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
* [CLEANUP] Use Go1.21 everywhere
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
* [n/a] Increase our Golangci timeout
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
* [n/a] code review comment and extra regression test
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
---------
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
This change adds a `core.autopush` configuration option (which defaults
to a value of `true`). This new configuration option is used in
post-write-ish actions, to determine if the remote repository should be
pushed to. In doing this, we support workflows where a user may want to
always push to the remote, but disable the behavior of "sync", which
fetches updates from remotes for all mounts (including the root store).
Closes: gopasspw/gopass#2551
Signed-off-by: sudoforge <9c001b67637a@sudoforge.com>
* Improve test isolation
These test shouldn't pick up user configs.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Use correct flag names for rcs init test
These flags must use the canonical names since they are not processed
by the CLI library and as such aliases are not applied.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Remove obsolete warning in fsck help
The default format should be fully compatible with other
password store implementations.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Remove unused "Verbose" context property
This was never set anywhere, so we can safely remove it.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Remove --clip option for the find command
When this is invoked as `gopass find` there is actually no
code path that leads to this flag being used.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Remove mount versions from the `version` command
The `version` command should generally only print the version and not
load the full config, trigger auto-sync and other operations the
happend when initializing the mounts.
Moving the mount point information to the new `mounts versions` command.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Update find integration test
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Do not run auto-sync if the command is `sync`
Otherwise sync might run twice.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Reset auto-sync if a full `sync` succeeds
Since a `gopass sync` without the `--store` option is the same
operation as an auto-sync we should reset the interval if it
was successfull.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Remove sync messages about importing and exporting keys
These usually don't take a lot of time and don't need a mention unless
they fail.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Refactor OTP action to reduce code complexity and duplication
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Clean up outdated Git documentation
`gopass` isn't configuring `git` to sign commits anymore.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This commit replaces `os.Setenv` with `t.Setenv` in tests. The
environment variable is automatically restored to its original value
when the test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.Setenv
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* Maintain secret structure when parsing
This commit introduces a new KV secret type ("AKV") that fully maintains
the secret format when parsing. As such it obsoletes the old KV and
Plain formats and the need for the core.parsing option.
Fixes#2431
RELEASE_NOTES=[ENHANCEMENT] Maintain secret structure when parsing
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Update internal/action/edit.go
Co-authored-by: Yolan Romailler <AnomalRoil@users.noreply.github.com>
* Address review comments
This brings back the noparsing flag since we need this to cover some
corners cases.
RELEASE_NOTES=n/a
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: Yolan Romailler <AnomalRoil@users.noreply.github.com>
This commit adds yet another config handler for gopass. It is based on
the format used by git itself. This has the potential to address a lot
of long standing issues, but it also causes a lot of changes to how we
handle configuration, so bugs are inevitable.
Fixes#1567Fixes#1764Fixes#1819Fixes#1878Fixes#2387Fixes#2418
RELEASE_NOTES=[BREAKING] New config format based on git config.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: Yolan Romailler <AnomalRoil@users.noreply.github.com>
address comments
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This commit replaces `os.MkdirTemp` with `t.TempDir` in tests. The
directory created by `t.TempDir` is automatically removed when the test
and all its subtests complete.
Prior to this commit, temporary directory created using `os.MkdirTemp`
needs to be removed manually by calling `os.RemoveAll`, which is omitted
in some tests. The error handling boilerplate e.g.
defer func() {
if err := os.RemoveAll(dir); err != nil {
t.Fatal(err)
}
}
is also tedious, but `t.TempDir` handles this for us nicely.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* Use OS Keyring to cache age passphrases
* Add askpass for age
Fixes#2350
RELEASE_NOTES=[ENHANCEMENT] Use OS keychain for age passphrase caching (new config option, off by default).
* Fix autoimport / exportkeys
This commit splits key import and export during sync. It will always
attempt to import missing public keys if they are found in the store.
Exporting is still controlled by exportkeys but that shouldn't affect
importing anymore. Also some logging and missing config defaults are
fixed.
Fixes#1980
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Update config tests
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Running gci in order to make sure we have properly deterministic imports
RELEASE_NOTES=n/a
Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
This commit replaces some overly complex constructs with type
parameters.
Fixes#2030
RELEASE_NOTES=[ENHANCEMENT] Generics
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
