Alfred client for the Pass-CLI

Alfred-based UI for pass.

• Features
• Requirements & installation
• Configuration
• Usage
• Troubleshooting
• Notes on security
• Credits

Features

• Copy password to the clipboard.
• Create a new entry.
• Delete an entry.
• Update the password of an entry.
• Inspect and copy non-password properties of an entry.
• Inherits settings from your .zshenv.
• Optionally trigger pass git push automatically after any change.
• As opposed to regular usage of pass, the copied password is treated as transient, meaning it does not appear in Alfred's clipboard history.

Requirements & installation

1. ➡️ Download the latest release

2. Install the requirements

    brew install pass pinentry-mac

3. Setup pass with a GPG key. See the pass website for further information.

4. Setup pinentry-mac as your pinentry-program:

    [[ -d "$HOME/.gnupg" ]] || mkdir "$HOME/.gnupg"
    echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" > $HOME/.gnupg/gpg-agent.conf
    gpgconf --kill gpg-agent # restart the agent

5. Optional: For additional security, you can disable storing the gpg password in the macOS keychain, ensuring that the password must be reentered every time:

    defaults write org.gpgtools.common DisableKeychain -bool yes

Configuration

This workflow reads all PASSWORD_STORE_* environment variables that have been added to your ~/.zshenv, so most configuration is done by exporting the respective variables in ~/.zshenv. Example: export PASSWORD_STORE_GENERATED_LENGTH=32.

For information about the available environment variables, see the pass man page.

[!NOTE] If you are using a custom password-store directory, you must export your PASSWORD_STORE_DIR in your ~/.zshenv for this workflow to work.

Usage

• Search your passwords via the keyword pw.
  • ⏎: Copy password to the clipboard.
  • ⌘⏎: Edit entry in your Terminal, using the Terminal configured in your Alfred settings and your $EDITOR.
  • ⌥⏎: Reveal .gpg file of the entry in Finder.
  • ⌃⏎: Delete the entry. (⚠️ This is irreversible if you are not using git.)
  • ⇧⏎: Show the full details of the entry. Select one of them to copy the value to your clipboard.
  • fn⏎: Generate a new password and overwrite this entry's password with it. Afterward, copy the new password. (⚠️ This removes the old password and is irreversible if you are not using git.)
• Use the keyword pw new to create a new entry. You are then prompted for a folder to place the new entry in. The password of the new entry is autogenerated based on your pass settings, or can be inserted from your clipboard.
• Use pw gen to generate a new password without creating a new entry.

Troubleshooting

Since the workflow is mostly a convenient wrapper around pass, most issues will be related to pass or gpg and not this workflow. Nonetheless, here some common troubleshooting tips:

• If there is an issue, open the Alfred debugger via cmd+d in the workflow window and see what is reported there.
• The error gpg: public key decryption failed: No pinentry sometimes arises when updating gpg keys or gpg itself. This is usually fixed by restarting gpg via gpgconf --kill gpg-agent.

Notes on security

• All contents copied by this clipboard are marked as "transient," meaning most clipboard history apps will ignore them, including Alfred's clipboard history.
• This workflow is just a convenient UI for pass. As such, no password is ever stored by this workflow in any way. The workflow is completely open source.

Credits

In my day job, I am a sociologist studying the social mechanisms underlying the digital economy. For my PhD project, I investigate the governance of the app economy and how software ecosystems manage the tension between innovation and compatibility. If you are interested in this subject, feel free to get in touch.

• Academic Website
• Mastodon
• ResearchGate
• LinkedIn

If you find this project helpful, you can support me via 🩷 GitHub Sponsors.