Skip to content

Instantly share code, notes, and snippets.

@stuart-warren
Last active August 3, 2023 11:55
Show Gist options
  • Save stuart-warren/06a114ce90f1b9e61873aca8a19e1cae to your computer and use it in GitHub Desktop.
Save stuart-warren/06a114ce90f1b9e61873aca8a19e1cae to your computer and use it in GitHub Desktop.
password-store encrypted using macbook fingerprint sensor

Tools required

Assumes you use Homebrew and git

Basic setup

# install age
brew install age

# install age plugin for use with apple secure enclave
brew tap remko/age-plugin-se https://github.com/remko/age-plugin-se
brew install age-plugin-se

# install passage password manager
PASSAGE_REPO="github.com/FiloSottile/passage"
git clone https://${PASSAGE_REPO}.git ~/src/${PASSAGE_REPO}
cd ~/src/${PASSAGE_REPO}
make install PREFIX="$(brew --cellar)/passage/$(git describe --tags)"
make install-common PREFIX="$(brew --prefix)"
brew link passage
autoload -U compinit; compinit
cd ~

# create directories
mkdir -p ~/.passage/store

# generate identity linked to apple secure enclave
KEY=$(age-plugin-se keygen --access-control=any-biometry)

# setup identity for passage
echo "$KEY" >> ~/.passage/identities

# add recipients for passage
echo "$KEY" | age-plugin-se recipients >> ~/.passage/store/.age-recipients

# optionally add alias
alias pass="passage"

password-store/age resources

note password-store plugins may not always be compatible with passage

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment