commit 962527b6327614b2e16bb90bb07c7d858c8faadb
parent 797ff02fc54abc3ddfc309f05d087b48fffee40c
Author: Sean Enck <sean@ttypty.com>
Date: Tue, 26 Oct 2021 18:49:17 -0400
'macos' now should run as 'command' mode
Diffstat:
2 files changed, 5 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
@@ -14,14 +14,14 @@ Currently `lb` is only working/developed on macOS (though it could be extended t
The following variables must be set to use `lb`
-For _macos_ set
+For example set:
```
-# the keychange key name
-LOCKBOX_KEY=com.domain.keyname
+# the keying object to use to ACTUALLY unlock the passwords
+LOCKBOX_KEY="gpg --decrypt /Users/alice/.secrets/key.gpg"
# the location, on disk, of the password store
LOCKBOX_STORE=/Users/alice/.passwords
-# the keychain is macos keychain
-LOCKBOX_KEYMODE=macos
+# the keymode is a command
+LOCKBOX_KEYMODE="command"
# to utilize totp token generation set the offset (within the repository) where totp tokens are saved
LOCKBOX_TOTP=keys/totp/
```
diff --git a/internal/encdec.go b/internal/encdec.go
@@ -17,8 +17,6 @@ const (
keyLength = 32
nonceLength = 24
padLength = 256
- // MacOSKeyMode is macOS based key resolution.
- MacOSKeyMode = "macos"
// PlainKeyMode is plaintext based key resolution.
PlainKeyMode = "plaintext"
// LockboxKeyMode is a lockbox-based daemon key resolution.
@@ -69,15 +67,6 @@ func NewLockbox(key, keyMode, file string) (Lockbox, error) {
func getKey(keyMode, name string) ([]byte, error) {
var data []byte
switch keyMode {
- case MacOSKeyMode:
- // the insert for this is
- // > security add-generic-password -a NAME -s NAME -w PASSWORD
- cmd := exec.Command("security", "find-generic-password", "-a", name, "-s", name, "-w")
- b, err := cmd.Output()
- if err != nil {
- return nil, err
- }
- data = b
case CommandKeyMode:
parts := strings.Split(name, " ")
cmd := exec.Command(parts[0], parts[1:]...)
