This change adds GoDoc comments to many of the public symbols in the
`pkg/` directory. It also includes various improvements to the
documentation in `README.md` and other markdown files in the `docs/`
directory.
This is a partial documentation effort, as requested by the user, to
get a pull request submitted quickly.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
This reverts commit a828cada8f19e946d7db785dd0abfd74caf06a82.
The change of mime-type (away from text/plain) of the clipped text that
this causes is problematic, and is not yet supported everywhere. A
change like this needs to be tested more thoroughly. See:
https://github.com/gopasspw/gopass/issues/3233
Signed-off-by: Daniel Lublin <daniel@lublin.se>
* This change introduces an agent for the age backend to cache passphrases for age identities.
The agent is a long-running process that listens on a Unix domain socket. Gopass communicates with the agent to request decryption of secrets. The agent caches the passphrases for the identities and performs the decryption, so the passphrases never leave the agent process. This addresses the security concerns with the initial implementation.
The agent can be controlled with the following commands:
- `gopass age agent`: starts the agent in the foreground.
- `gopass age lock`: locks the agent, clearing all cached passphrases.
The age backend will automatically start the agent if it's not already running and the `age.agent-enabled` configuration option is set to `true` (the default).
This change includes:
- The implementation of the age agent in `internal/backend/crypto/age/agent/`.
- Modifications to the age backend to communicate with the agent.
- A new configuration option `age.agent-enabled`.
- Unit tests for the agent.
- Updated documentation for the age backend.
The integration test for this feature (`TestAgeAgent`) is currently failing. The issue is that the test environment is non-interactive, and the code path for initializing a new age store requires a password for the identity keyring, which triggers a `pinentry` call that fails without a TTY. I have tried several approaches to work around this, including setting the `GOPASS_PASSWORD` environment variable and providing a custom pinentry script, but none have been successful so far. The core implementation of the agent is believed to be correct, but the integration test needs further work to run in a non-interactive environment.
* Fix some test failures and add more logging.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Fix lint error
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Fix integration tests
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
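The agent design described in the commit message above, sketched as an added example that is not gopass's own code: a process that caches passphrases, answers decrypt requests over a Unix socket listener, and forgets everything on lock. The `Agent` type, the `LOCK` / `DECRYPT <identity> <hex>` wire format and the AES-GCM stand-in for age are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/hex"
	"net"
	"strings"
)

type Agent struct{ cache map[string][]byte } // identity -> passphrase, memory only

// aead is a stand-in for age: AES-GCM keyed by SHA-256 of the passphrase.
func aead(pass []byte) cipher.AEAD {
	key := sha256.Sum256(pass)
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Handle answers "LOCK" or "DECRYPT <identity> <hex nonce||ciphertext>".
func (a *Agent) Handle(line string) string {
	f := strings.Fields(line)
	if len(f) == 1 && f[0] == "LOCK" {
		a.cache = map[string][]byte{} // forget every cached passphrase
		return "OK"
	}
	if len(f) == 3 && f[0] == "DECRYPT" {
		ct, _ := hex.DecodeString(f[2])
		if pass, ok := a.cache[f[1]]; ok && len(ct) > 12 {
			if pt, err := aead(pass).Open(nil, ct[:12], ct[12:], nil); err == nil {
				return "OK " + hex.EncodeToString(pt)
			}
		}
	}
	return "ERR" // locked, unknown identity, or ciphertext that fails authentication
}

// Serve answers one request per connection; a single goroutine owns the cache.
func (a *Agent) Serve(l net.Listener) {
	for c, err := l.Accept(); err == nil; c, err = l.Accept() {
		line, _ := bufio.NewReader(c).ReadString('\n')
		c.Write([]byte(a.Handle(line) + "\n"))
		c.Close()
	}
}

func main() {}
```

The client only ever sends ciphertext and receives plaintext, so the passphrase stays inside the agent process. Filling the cache from a passphrase prompt and restricting access to the socket's directory are left out of this sketch.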
* feat: handle referencing in passwords
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* feat: use seq over slice to improve performance
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* feat: handle error during reference following
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* feat: provide a flag for not following references
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* feat: disable ref following on edit and remove the flag
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* feat: provide a configuration for follow-references
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* fix: correct configuration tests
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* fix: correct tests and document the new flag
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* fix: correct integration test
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* fix: correct tests
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
---------
Signed-off-by: Parham Alvani <parham.alvani@gmail.com>
* add gitconfig extension from include
feature for #2458
RELEASE_NOTES=[FEATURE] Add support for gitconfig include
Signed-off-by: Sergei Suslov <sergey.suslov.nsk@gmail.com>
* [fix] Fix writing merged configs
We must not write the content of the merged config to the base config.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Fix lint issues and one test
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [feat] Add conditional includes for gitconfig
This change adds conditional includes for our gitconfig.
So far we only support gitdir: filters, but other conditions
can be added as needed.
Fixes #3126
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Fix one lint issue
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Fix tests
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Ignore one test on windows
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Sergei Suslov <sergey.suslov.nsk@gmail.com>
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: Sergei Suslov <sergey.suslov.nsk@gmail.com>
* add gitconfig extension from include
feature for #2458
RELEASE_NOTES=[FEATURE] Add support for gitconfig include
Signed-off-by: Sergei Suslov <sergey.suslov.nsk@gmail.com>
* use t.Setenv instead of os.Setenv, comment log
RELEASE_NOTES=n/a
Signed-off-by: Sergei Suslov <sergey.suslov.nsk@gmail.com>
* [fix] Fix writing merged configs
We must not write the content of the merged config to the base config.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [chore] Classify license
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Fix lint issues and one test
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Fix one failing test on Windows as a workaround
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Ignore two tests on windows
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Sergei Suslov <sergey.suslov.nsk@gmail.com>
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: Sergei Suslov <sergey.suslov.nsk@gmail.com>
* [feat] Replace clipboard library to support wl-copy args
This change should allow us to protect sensitive content
from being captured in some clipboard managers on KDE.
Fixes #2611
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [chore] Update clipboard dep
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Update clipboard
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Pull in some (critical) updates. None of these should affect us,
but dependabot still keeps complaining.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Fix test regressions
This change fixes some tests that did start to fail at some point.
I can't tell for sure when they broke (didn't bisect) and if that
breakage is isolated to my system or not. But I need to fix them
anyway.
Fixes #3115
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Add missing files.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Fix test failure
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Fix one more version test
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
The experimental functions are now available in the standard library
in Go 1.23 [1].
[1]: https://go.dev/doc/go1.23#new-unique-package
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* [FEATURE] Allow for non-interactive age setup
Also updates Go to Go 1.23.2 and gets rid of min and max functions
Signed-off-by: Yolan Romailler <AnomalRoil@users.noreply.github.com>
* [n/a] also renaming clear for Windows
Signed-off-by: Yolan Romailler <AnomalRoil@users.noreply.github.com>
* [n/a] bumping our GHA to Go 1.23
Signed-off-by: Yolan Romailler <AnomalRoil@users.noreply.github.com>
* [n/a] make our harden runner softer
Signed-off-by: Yolan Romailler <AnomalRoil@users.noreply.github.com>
* [n/a] make our harden runner accept go.dev
Signed-off-by: Yolan Romailler <AnomalRoil@users.noreply.github.com>
* [n/a] applying code review changes
Signed-off-by: Yolan Romailler <AnomalRoil@users.noreply.github.com>
---------
Signed-off-by: Yolan Romailler <AnomalRoil@users.noreply.github.com>
Replace `~` with user home directory if `$GOPASS_HOMEDIR` is not set; does not replace `~` if neither is set.
Fixes #2916
Signed-off-by: Callum Andrew <contact@candrew.net>
syntax specification.
The gitconfig format (which is an INI format) does recommend but
not require whitespaces around equal signs that separate keys
and values.
Fixes #2910
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* chore: Switch to static list of linters
The old approach was prone to random CI failures when golangci-lint
was updated and enabled new linters. This approach means we will have
to update the include list from time to time but won't get random CI
failures.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* fix: Update enabled linters to be compatible with GHA
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>