Integrating Password Manager pass into i3 Desktop Environment with Bash Script
Today I’d like to show you my setup for integrating the pass password manager into the i3 desktop environment using a Bash script.
The script is designed to automatically fill in the user and password fields in login forms, and if a totp secret is present, it generates the OTP code using the “oathtool” utility and copies it to the clipboard.
Prerequisites
Before you begin, ensure the following tools are installed (e.g. on a Debian-based Linux system using APT; xprop is provided by x11-utils, and xclip is needed for the clipboard step):
sudo apt-get install oathtool x11-utils xdotool xclip libnotify-bin rofi pass
“pass” Configuration
Follow the official guide for configuring “pass,” including synchronization with Git. You can find the guide here.
“pass” Data Format:
The script relies on a specific data format within “pass” for storing credentials. Each password file should adhere to the following structure:
<password>
login: <login>
url: <url>
totp: <totp secret>
The Bash Script
Here is the Bash script that integrates “pass” into the i3 desktop environment:
#!/bin/bash
shopt -s nullglob globstar

# BETA - get current window name and use it to filter passwords list
wintit=$(xprop -id "$(xdotool getactivewindow)" | grep "WM_NAME" | tail -n1 | cut -d "\"" -f 2 | tr '[:upper:]' '[:lower:]' | cut -d " " -f 1)

# get all the saved password files
prefix=${PASSWORD_STORE_DIR-~/.password-store}
password_files=( "$prefix"/**/*.gpg )
password_files=( "${password_files[@]#"$prefix"/}" )
password_files=( "${password_files[@]%.gpg}" )

# shows a list of all password files and saves the selected one in a variable
password=$(printf '%s\n' "${password_files[@]}" | rofi -dmenu "$@" -filter "$wintit")
[[ -n $password ]] || exit

# decrypt the entry once (quoted, so names with spaces work); stop if decryption fails
passshow=$(pass show "$password") || exit 1
passw=$(printf '%s\n' "$passshow" | head -n1)
# search for the fields only below the password line, anchored at line start
uname=$(printf '%s\n' "$passshow" | tail -n +2 | grep -m1 "^login:" | cut -d " " -f 2)
totpsecret=$(printf '%s\n' "$passshow" | tail -n +2 | grep -m1 "^totp:" | cut -d " " -f 2)

# xdotool types the username on the active field ("--" ends option parsing,
# so a value starting with "-" is typed instead of being read as an option)
xdotool type -- "$uname"
# type a TAB (for moving forward in browser input fields)
xdotool key Tab
# type the password in the active input
xdotool type -- "$passw"
xdotool key Tab

# if a totp is present, generate the code and copy it into clipboard
if [[ -n $totpsecret ]]; then
    totp=$(oathtool -b --totp "$totpsecret")
    # copy first, then notify, so the message is only shown after the copy
    printf '%s' "$totp" | xclip -sel clip
    notify-send "OTP code $totp copied in clipboard!"
fi
Explanation of the Script:
- The script starts by extracting the active window name, which is used to filter the list of saved passwords.
- It retrieves all saved password files, excluding the path and file extension, and displays them using “rofi.”
- The selected password is then shown and parsed to extract the username, password, and, if available, the TOTP secret key.
- Using “xdotool,” the script types the username, presses TAB to navigate through input fields, and types the password.
- If a TOTP secret is present, the script generates the OTP code using “oathtool,” notifies the user, and copies the code to the clipboard.
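The entry format can also be parsed more strictly than with grep and cut. The helpers below are an added example, not part of the original script: they never search the password line for keys, keep values that contain spaces, and validate the TOTP secret before it is handed to “oathtool”. The function names and the sample entry are made up for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): stricter parsing of a pass entry.

# Constructed sample entry; note that the password itself contains "login:".
sample_entry='p4ss login: decoy
login: alice@example.org
url: https://example.org/login
totp: jbsw y3dp ehpk 3pxp'

# Line 1 of the entry (read from stdin) is the password, taken verbatim.
entry_password() {
    IFS= read -r pw_line || [ -n "$pw_line" ] || return 1
    printf '%s\n' "$pw_line"
}

# Print the value of the first "key: value" line below line 1 (entry on stdin).
# The key must start the line; the whole value is kept, trimmed at both ends.
# Returns 1 if the field is absent.
entry_field() {
    awk -v key="$1" '
        NR > 1 && index($0, key ":") == 1 {
            v = substr($0, length(key) + 2)
            sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            print v; found = 1; exit
        }
        END { exit !found }'
}

# Normalise the TOTP secret (drop spaces and dashes, uppercase) and accept
# only base32 characters. Returns 1 if the field is absent, 2 if malformed.
entry_totp_secret() {
    secret=$(entry_field totp) || return 1
    secret=$(printf '%s' "$secret" | tr -d ' -' | tr '[:lower:]' '[:upper:]')
    case $secret in
        ''|*[!A-Z2-7=]*) return 2 ;;
    esac
    printf '%s\n' "$secret"
}

# Demo on the constructed entry
printf '%s\n' "$sample_entry" | entry_field login
printf '%s\n' "$sample_entry" | entry_totp_secret
```

In the main script these would be fed with the decrypted entry, for example printf '%s\n' "$passshow" | entry_field login.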
Configuration in i3
To integrate the script with i3, save the script in ~/.local/bin/pass.sh, make it executable (chmod +x ~/.local/bin/pass.sh), and add the following line to your ~/.config/i3/config file:
bindsym $mod+Shift+p exec ~/.local/bin/pass.sh
This configuration binds the script execution to a key combination ($mod+Shift+p). Adjust it according to your preferences.
Now, you have successfully integrated “pass” into your i3 desktop environment, providing a seamless and secure password management solution.