KeePassXC issues

After posting my previous message, I realized that the question of “why nyxt does not remember the password entered by the user in the prompt buffer” was raised in the first message by @ko56. The answer suggested that it was a property of the password manager tool (Pass or KeePassXC). But I disagree with that because at least for KeePassXC, the keepassxc-interface has a slot for master-password and that value is fed on the input stream to keepassxc-cli for various queries (eg list-passwords, clip-password, clip-username). So I was expecting that once master-password was setf in the loop sexp of password:complete-interface, there would be no need to enter it again for the duration of the nyxt session. But that was not happening.

The solution I discovered is the following: in my $XDG_CONFIG_HOME/nyxt/config.lisp file, there was already initialization code for password-file and key-file like below:

(defmethod initialize-instance :after
    ((interface password:keepassxc-interface) &key &allow-other-keys)
    (setf (password:password-file interface) "/path/to/database.kdbx")
    (setf (password:key-file interface) "/path/to/keyfile")

So I just extended that by adding

(setf (password:master-password interface) "MYPASSWORD")

and that worked. I did not have to enter my password in the prompt buffer after restarting nyxt. Then it was a simple matter of finding sample code to read contents of a gpg encrypted file containing the password into a string and replace the “MYPASSWORD” string with lisp code that captured the ouput of a subprocess that ran the command

gpg --no-tty -d /path/to/passwordfile.gpg

Now I don’t have to enter the master password and it is auto setup by reading from an encrypted local file with gpg-agent handling the decryption password for passwordfile.gpg.

Any feedback about the appropriateness or kludgeyness of this solution is welcome.

1 Like

Note that the config file itself can be GPG-encrypted. I’m not sure how that would work, though, as I’ve not tried that.