(These days I use Bitwarden and vaultwarden but maintain this until I'm confident that I won't need any of my "deprecated" passwords.)
(provide 'cce/pass)I use the standard unix
password manager, pass. I use the
Emacs support packages for these, unsurprisingly, and I have a custom Hydra to put the keybindings to copy passwords
hanging off of <SPC>k.
(use-package password-store
:after hydra
:config
(setq password-store-password-length 32)
:init
(defhydra hydra-pass ()
("p" (lambda() (interactive)
(background-shell-command "pass show last.fm"))
:exit t)
("c" password-store-copy :exit t)
("e" password-store-edit :exit t)
("g" password-store-generate :exit t)
("o" password-store-otp-token-copy :exit t))
:bind (:map evil-normal-state-map
("<SPC>k" . hydra-pass/body)))
(use-package password-store-otp
:after password-store){config, pkgs, ...}:
{
programs.password-store = {
enable = true;
package = pkgs.pass.withExtensions (exts: [ exts.pass-otp exts.pass-genphrase ]);
settings = {
PASSWORD_STORE_DIR = "$HOME/.password-store/";
};
};
home.activation.password-store =
pkgs.lib.mkActivationLocalLink config # symlink helper (ref:activation_local_link)
"~/sync/password-store"
".password-store";
home.packages = [
pkgs.yubikey-personalization
];
programs.bash.initExtra = ''
gpg-connect-agent /bye
'';
programs.browserpass.enable = true;
}(activation_local_link) is a helper in mkActivationLocalLink.