Akin to https://github.com/hazcod/enpass-cli/blob/master/pkg/enpass/vault_test.go

When type is set to -type="One-time Code", nothing is returned.

This should have 2 use cases though:

1. return the secret behind the OTP
2. return the OTP code and probably skip the auth for this

example:

$ enp -type="One-time Code" show <filter>
INFO[0003] > title: <filter-match>  login: XXX  cat.: XXX  OTP: otpauth://totp/XXX?secret=XXX&issuer=XXX
INFO[0003] > title: <filter-match>  login: XXX  cat.: XXX  OTP: XXX

$ enp otp <filter>
INFO[0003] > title: <filter-match> OTP: 123456
INFO[0003] > title: <filter-match> OTP: 234567

$ enp otp -title <title> # Exact single match otherwise error
123456

Trying out some basic commands works on a primary, local vault but doing the same on Dropbox or OneDrive connected vaults just gives me

ERRO[0002] could not open vault                          error="could not connect to database: file is not a database"

Are those really not supported or am I missing something?

Hello!

I'm looking for functionality similar to secret=$(pass amazon.com) so the secret can be used in scripts. From what I've seen such functionality doesn't exist or I haven't found it but it would be really useful!

Thanks and keep up the good work!

Hi,

Thanks for your work on this. I noticed in the README you mentioned that you were looking for a new maintainer. I'd be willing to pitch in there, and would also like to help with the 6.x compatibility. Let me know how to proceed.

Thanks!

In the description you mention that you do not use enpass any longer. Did you find something similar which supports CLI interface? It so, would be nice to link it in the description as well.
Thank you for your efforts!

Please re-add the GPL license from the original project: https://github.com/steffen9000/enpass-decryptor

Other than that, nice work.

The issue that I get is an "Invalid Password" error.

So with the code I added with my forks, I removed the import statement from pysqlcipher3 because it didn't work on Linux. The original import statement worked just fine on OS X.

This was the original statement:
from pysqlcipher3 import dbapi2 as sqlite

I changed it to:
from sqlite3 import dbapi2 as sqlite

Which fixed the issue described here of 'pysqlcipher3 module not found': Install Issues

However, I can't seem to decrypt the file on Linux. This is the output of the error that I get:
sqlite3.DatabaseError: file is not a database which results in an "Invalid Password" notification due to the try/except statement.

I tried using the original code from your commit history before my forks but that won't work as I keep running into the 'pysqlcipher3 module not found'.

Any ideas on knowing how to fix this on Linux? I have only tested on Ubuntu and Kali Linux. I have not tried the program on any non-Debian based Linux distros yet.

A minimum PIN length of 4 characters is set in the Enpass app itself. cli access should keep the same length

The release workflow seems to miss some dependencies to be able to cross-compile to e.g. freebsd.

Hi,

Thanks for the repository, It's really a need for enpass.

I was wondering, is it possible to add a list command? If there's a list command then this tool will have a wide ranged of applications which can be used. e.g. Alfred workflow.

So, I just downloaded release 1.0.1 for linux-amd64, and after getting it to point properly to my vault path, of $HOME/Documents/Enpass/Vaults/primary, it gave me this error:

FATA[0003] could not open vault error="could not open v: could not open database: sql: unknown driver "sqlite3" (forgotten import?)"

BTW, really glad you came back to work on this. And it seems like golang might be the way to go with this. 👍

Need power now red dot haha

in getCards() and CardCompleter(), it's trying to open getScriptPath() + '/.enpass' for write. If pass.py were installed to /usr/bin or /usr/local/bin, this would fail to work because of permissions.

Instead it should be using either $HOME/.enpass_cli, or even better $XDG_CONFIG_HOME with default to $HOME/.config, appending enpass_cli/config to the result of the former, and of course, automatically creating the directories up as needed.

Reference: https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

(e.g. checkpatch.pl).

Line: 35
https://github.com/hazcod/enpass-cli/blob/c6d4e8a5e57fc603da58d8311b18cbaeee42db44//.git/hooks/sendemail-validate.sample#L32-L42

I know, that the usage on the frontpage says to specify -type=password, but people are lazy / do not read the help.

I'd suggest to use type password as default, so that this:

ubuntu :: ~ % enpasscli -vault ~/go/src/github.com/hazcod/enpass-cli/test/ list
Enter master password: 
INFO[0003] > title: mylogin  login: myusername  cat. : login 
INFO[0003] > title: mylogin  login: myusername  cat. : login 
INFO[0003] > title: mylogin  login: myusername  cat. : login 
INFO[0003] > title: mylogin  login: myusername  cat. : login 
INFO[0003] > title: mylogin  login: myusername  cat. : login 
INFO[0003] > title: mylogin  login: myusername  cat. : login 
INFO[0003] > title: mylogin  login: myusername  cat. : login 
INFO[0003] > title: mylogin  login: myusername  cat. : login 
INFO[0003] > title: mylogin  login: myusername  cat. : login 

does not happen (the vault contains one entry)

Terminology: https://specifications.freedesktop.org/clipboards-spec/clipboards-latest.txt

It should be possible to control which X selection enpasscli copy writes to. By default it always writes to clipboard but primary may be useful for many scenarios, e.g. paste by middle mouse click or bypass clipboard managers logging entries.

(e.g. quick build, coding style checks, etc.).

Line: 41
https://github.com/hazcod/enpass-cli/blob/c6d4e8a5e57fc603da58d8311b18cbaeee42db44//.git/hooks/sendemail-validate.sample#L38-L48

Is this going to stay read-only? What obstacles are in the way of implementing "create", "edit", etc?

Output of python -m pip install -r requirements.txt:

Requirement already satisfied: pycrypto in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 1))
Collecting pysqlcipher3 (from -r requirements.txt (line 2))
  Using cached pysqlcipher3-1.0.2.tar.gz
Collecting argcomplete (from -r requirements.txt (line 3))
  Using cached argcomplete-1.9.2-py2.py3-none-any.whl
Installing collected packages: pysqlcipher3, argcomplete
  Running setup.py install for pysqlcipher3: started
    Running setup.py install for pysqlcipher3: finished with status 'done'
Exception:
Traceback (most recent call last):
  File "/home/user/.local/lib/python2.7/site-packages/pip/basecommand.py", line 215, in main
    status = self.run(options, args)
  File "/home/user/.local/lib/python2.7/site-packages/pip/commands/install.py", line 342, in run
    prefix=options.prefix_path,
  File "/home/user/.local/lib/python2.7/site-packages/pip/req/req_set.py", line 784, in install
    **kwargs
  File "/home/user/.local/lib/python2.7/site-packages/pip/req/req_install.py", line 851, in install
    self.move_wheel_files(self.source_dir, root=root, prefix=prefix)
  File "/home/user/.local/lib/python2.7/site-packages/pip/req/req_install.py", line 1064, in move_wheel_files
    isolated=self.isolated,
  File "/home/user/.local/lib/python2.7/site-packages/pip/wheel.py", line 345, in move_wheel_files
    clobber(source, lib_dir, True)
  File "/home/user/.local/lib/python2.7/site-packages/pip/wheel.py", line 316, in clobber
    ensure_dir(destdir)
  File "/home/user/.local/lib/python2.7/site-packages/pip/utils/__init__.py", line 83, in ensure_dir
    os.makedirs(path)
  File "/usr/lib/python2.7/os.py", line 157, in makedirs
    mkdir(name, mode)
OSError: [Errno 13] Permission denied: '/usr/local/lib/python2.7/dist-packages/argcomplete'

BTW, I believe that sqlcipher-dev is called libsqlcipher-dev on Debian distros, might be worth pointing out in the README.

Similarly to how the desktop GUI handles it, when copying the password from the Enpass wallet, the CLI should clear the password from the clipboard after, say, 30 seconds so the password does not remain in the user's clipboard. I keep having to run xsel -bc after copying my passwords and it would be nice if the CLI could handle this. Maybe the process could fork to the background and set the clipboard to a space or null character then terminate.

Running this command fails on macOS 10.15.7

CGO_ENABLED=1 go build -v -ldflags='-w -s -extldflags "-static -linkmode=external" -X main.version=1.0.2' ./cmd/enpasscli/main.go

golang.org/x/crypto/pbkdf2
golang.org/x/net/context
golang.org/x/sys/unix
github.com/atotto/clipboard
github.com/pkg/errors
github.com/miquella/ask
github.com/mutecomm/go-sqlcipher
github.com/sirupsen/logrus
github.com/hazcod/enpass-cli/pkg/enpass
command-line-arguments
# command-line-arguments
/usr/local/Cellar/go/1.15.7/libexec/pkg/tool/darwin_amd64/link: running clang failed: exit status 1
ld: library not found for -lcrt0.o
clang: error: linker command failed with exit code 1 (use -v to see invocation)

I've installed enpass-cli but got this error

∴ ./pass.py --help
Traceback (most recent call last):
  File "./pass.py", line 4, in <module>
    from pysqlcipher3 import dbapi2 as sqlite
ImportError: No module named 'pysqlcipher3'

Do not know how to proceed. Can you help me?

A great improvement would be to be able to pass the master password as a parameter to be able to directly unlock the vault

e.g.:

enpasscli -vault=/xxxxxxxxxxxxx/Vaults/primary -masterpass <PASSWORD> list

To reproduce

• download a binary for v1.4.0
• run the command with no arguments

./enpasscli

Hi!

enpass-cli is mostly working fine for me. I'm using the current App Store version of Enpass (macOS 6.8.1 (1060)).

Unfortunately, some of the items fail to decrypt:
% enp -log debug show 'redacted'
DEBU[0000] checking provided vault paths
DEBU[0000] loading vault info
DEBU[0000] vault info loaded vault_name=Standard vault_version=6
DEBU[0000] initialized paths db_path=vault.enpassdb info_path=vault.json
DEBU[0000] PIN disabled
Enter master password:
DEBU[0003] generating database key
DEBU[0003] generating master password
DEBU[0003] not using keyfile
DEBU[0003] extracting salt from database
DEBU[0003] deriving decryption key
DEBU[0003] opening encrypted database
DEBU[0003] opened vault
ERRO[0004] could not decrypt redacted error="could not decrypt data: cipher: message authentication failed"
DEBU[0004] closed vault error=""

Line: 27
https://github.com/hazcod/enpass-cli/blob/c6d4e8a5e57fc603da58d8311b18cbaeee42db44//.git/hooks/sendemail-validate.sample#L24-L34

Hey there, firstly thanks a lot for the tool, it is very helpful when working mostly with CLI.

I recently noticed while incorporating enpasscli in some bash scripts that all non-successful exits return 1, e.g. when unable to copy because the card wasn't found:

$ enp copy asdf || echo "Exit code: $?"
Enter master password: <VALID>
FATA[0004] card not found                               
Exit code: 1

However it would be useful to have distinct exit code for providing an invalid master password. Currently it also returns 1:

$ enp copy asdf || echo "Exit code: $?"
Enter master password: <INVALID>
FATA[0001] could not retrieve cards                      error="could not retrieve cards from database: file is not a database"
Exit code: 1

Now I'm not at all familiar with golang, but if I'm not mistaken we'd simply need to add e.g. os.Exit(2) in the error checks after getting the entries from the vault. I guess that'd be sufficient for my needs at least.

WDYT?

One of my favorite things about Enpass is the ability to quickly unlock my vaults with my fingerprint on my Mac. What are the chances of supporting that?