A small wrapper script for pass (https://passwordstore.org) that makes it easier to place GPG-encrypted files containing passwords outside of your normal pass directory. This avoids unnecessary git commits, which is nice if you want to place a particular set of passwords on cold storage as part of your security posture, for example.

pass-extern.sh

#!/bin/sh

# A wrapper script to use pass (passwordstore.org) with arbitrary directories.
# Copyright (C) 2019 Will Springer
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

if [ ! "$1" ]; then
  >&2 echo "usage: $(basename "$0") <directory> <pass-args...>"
  exit 1
fi

if [ ! "$PASSWORD_STORE_DIR" ]; then
  PASSWORD_STORE_DIR="$HOME/.password-store"
fi

if [ ! "$PASSWORD_STORE_KEY" ] && [ ! -f "$1/.gpg-id" ]; then
  if [ -f "$PASSWORD_STORE_DIR/.gpg-id" ]; then
    export PASSWORD_STORE_KEY=$(cat "$PASSWORD_STORE_DIR/.gpg-id")
  else
    >&2 echo "ERROR: $PASSWORD_STORE_DIR does not exist or is not initialized"
    >&2 echo "set PASSWORD_STORE_KEY to a valid GPG ID to override this check"
    >&2 echo "(or specify an existing pass directory)"
    exit 2
  fi
fi

export PASSWORD_STORE_DIR="$1"
shift
exec pass "$@"