Unix pass and dmenu

Tue 21 November 2017
tags: laptop

I have been using the standard Unix password manager, pass, for some time. I like pass; it's really simple and I understand what it does. I simply have a ~/.password-store directory on my machine that contains subdirectories and gpg-encrypted files that contain passwords or any other sensitive data. pass can then be invoked with a relative path (minus the .gpg suffix) to print the contents of the associated password file to stdout. It also allows us to easily insert new passwords into the "database" by typing them in (and pass invokes gpg for us).

Another awesome tool I have been using is dmenu, which I use for launching programs. One of the most awesome things about dmenu is that it is not actually about launching programs at all. What it really is is a discreet graphical interface for displaying a bunch of options and allowing the user to select one, while providing sweet tab completion and displaying only the relevant options depending on the prefix that the user has already typed.

I recently discovered an awesome marriage of these two individually awesome tools in the form of passmenu. I launch passmenu with a key combination, use it to select the password that I wish to input, and the password is typed for me, as if I had input it myself from the keyboard (using xdotool).

It is difficult for me to describe quite how awesome this is. Mostly I need passwords to log in to various web services, which mean that they need to be typed in to a browser window. Many people use the browser's built-in password manager for this, but I am quite uneasy about keeping this information in the browser; anyone with access to my computer could log in as me! Previously I would open a terminal window, launch pass, and copy/paste the password into the browser. Now, using passmenu, I can simply hit Alt-P, start typing the identifier for the password I need, hit enter, and have the password typed straight out for me! In addition passmenu is a quintessential example of the Unix philosophy of combining existing tools to create new ones. The source for passmenu is literally a 25 line shell script. The core logic is essentially the following pipeline:

echo $password_names | dmenu | xargs pass show | xdotool type

Obviously the password names are not hardcoded into the script, and the commands take a few more flags to do things like remove control characters, but that is basically it!