The Complete Computing Environment

Using Pass for Passwords

LifeTechEmacsTopicsArcology
(provide 'cce/pass)

I use the standard unix password manager, pass. I use the Emacs support packages for these, unsurprisingly, and I have a custom Hydra to put the keybindings to copy passwords hanging off of <SPC>k.

(use-package password-store
  :after hydra
  :config
  (setq password-store-password-length 32)
  :init
  (defhydra hydra-pass ()
    ("p" (lambda() (interactive)
           (background-shell-command "pass show last.fm"))
         :exit t)
    ("c" password-store-copy :exit t)
    ("e" password-store-edit :exit t)
    ("g" password-store-generate :exit t)
    ("o" password-store-otp-token-copy :exit t))
  :bind (:map evil-normal-state-map
         ("<SPC>k" . hydra-pass/body)))
(use-package password-store-otp
  :after password-store)
{config, pkgs, ...}:
{
  programs.password-store = {
    enable = true;
    package = pkgs.pass.withExtensions (exts: [ exts.pass-otp exts.pass-genphrase ]);
    settings = {
      PASSWORD_STORE_DIR = "$HOME/.password-store/";
    };
  };

  home.activation.password-store =
    pkgs.lib.mkActivationLocalLink config # symlink helper (ref:activation_local_link)
      "~/sync/password-store"
      ".password-store";

  home.packages = [
    pkgs.yubikey-personalization 
  ];

  programs.bash.initExtra = ''
    gpg-connect-agent /bye
  '';

  programs.browserpass.enable = true;
}

(activation_local_link) is a helper in mkActivationLocalLink.