More on pass

The approach to password management that I am trialing (detailed here) is almost perfect. The one thing that was bugging me was that I could not get bash completion to work. And when I am visiting that becomes something of a nuisance.

What was the problem? Short version: a missing forward slash in a directory name.

Long version: I had installed the password store in a Dropbox subfolder so that I could access it on multiple machines. That meant that I needed to set the environment variable PASSWORD_STORE_DIR to its location. Consequently I had this line in ~/.bash_profile:

export PASSWORD_STORE_DIR=~/Dropbox/.password-store

This looked like it was working. pass was storing and recalling passwords quite happily; the password store was synchronizing across my machines. So why the heck was bash completion not working?

Next step: try bash completion after I have turned on command and parameter logging. I do this in bash thus:

$ set -x

The effect of this command is

$ help set
-x  Print commands and their arguments as they are executed

When I have pass attempt to complete after the first two characters, I get this:

$ pass am+ COMPREPLY=()
+ local cur=am
+ local 'commands=init ls find grep show insert generate edit rm mv cp git help version'
+ [[ 1 -gt 1 ]]
+ COMPREPLY+=($(compgen -W "${commands}" -- ${cur}))
++ compgen -W 'init ls find grep show insert generate edit rm mv cp git help version' -- am
+ _pass_complete_entries 1
+ prefix=/Users/robert/Dropbox/.password-store
+ suffix=.gpg
+ autoexpand=1
+ local 'IFS=
+ items=($(compgen -f $prefix$cur))
++ compgen -f /Users/robert/Dropbox/.password-stoream
+ local items

That compgen command in the penultimate line does not look correct, does it? It rather looks as if I need to add a terminating / to the value in PASSWORD_STORE_DIR.

So I turn off logging (set +x), append the forward-slash to the directory name and bingo, bash completion is working.

Password management: at last, a simple solution

If I want to use Keepass on OSX then I need to install Mono and that galls.

Lastpass looks nice and shiny. I tried it for a couple of weeks but I found one too many sites with which it did not play nice (refusing to populate the fields on my bank's login screen, specifically) so no, that won't do.

I was about to use my old approach of using GPG to encrypt a big ugly text file when I came across pass. Now that looks interesting. It uses GPG, it has useful off-the-shelf functionality (add/edit/delete/copy to clipboard), and it has a flexible structure that allows one to manage additional PINs and security questions. Importantly, I do not decrypt every one of my passwords simultaneously when I just need one of them, which is a less than desirable side effect of my current approach.

I suspect that it will fit in nicely with the command line tools that I use to manage my to-do lists (Taskwarrior) and Engineer's Notebook (jrnl).

I shall install it and report back.