A rofi-wayland frontend for ZX2C4 pass project. The original repo is not very actively maintained to i decided to give it a go.

Main goal - provide frontend for pass, while keeping it a small, readable single-file script.

Password entry submenu:

Features:

• Create / Read / Update / Delete / move / copy password store entries
• Generate new passwords for entries
• Copy / type individual fields (or autotype based on autotype field) of selected entry
• Support for different password store roots (e.g. personal & work)
• Open URLs of entries with hotkey
• Generate and display QR code directly in rofi (qrencode needed).
• Generate and autotype in OTPs
• Extensive configuration (see ./config.example)
• Clean codebase, linted with shellcheck and formatted with shfmt

Use default binding Alt h to see available bindings. And pass --help | -h flag to this script to see all available flags.

• ZX2C4 pass
• rofi-wayland
• wtype
• wl-clipboard
• qrencode (optional: for generating and displaying pass qrcode)
• pass-otp (optional: for OTPs)

Install from AUR (rofi-pass-wayland-git) or copy rofi-pass script to dir in your $PATH. Script has all needed defaults, but if you want to customise further you can pass your config to the script with one of the following ways:

• $HOME/.config/rofi-pass/config
• ROFI_PASS_CONFIG="/path/to/config" env var.

See example configuration in config.example file.

Default autotype value is user :tab pass. In case you don’t have user: field in your password file it will take value of default_user from your config (defaults to output of command whoami). Or you can set default_user to :basename and autotype will always type basename of password file as username. (i.e. for foo/bar/site.com/jack it will type jack as username)

Example of password store file with autotyping of more than one field, using the autotype entry:

# mail/gmail/[email protected]
de_password
user: MyUser
SomeField: foobar
AnotherField: barfoo
url: http://my.url.foo
# self-explanatory - :tab, :space (might be useful for checkboxes), :enter
# :delay - sleep before proceeding further
# :otp - generate and type an OTP
# path - fill in path of that password entry (in this case
#   mail/gmail/[email protected])
autotype: SomeField :tab user :tab AnotherField :tab pass :space :enter

The format for OTPs should either compatible with pass-otp(1) - otpauth://[...].

Or it should define a method for generating OTPs:

otp_method: /opt/obscure-otp-generator/oog --some-option some args

To access passwords your GPG agent needs to have unlocked your secret key you’re using to encrypt your passwords with. If the secret key hasn’t been unlocked yet it will prompt for the secret key password using pinentry. If pinentry is configured to read from a tty then rofi-pass will hang indefinitely. To fix this you need to configure gpg to use a gui version of pinentry. Afterwards you may have to kill the GPG agent if it’s still in a bad state: killall -9 gpg-agent.

If you have ‘notify’ option set to false in config (it’s a default) you might sometimes just not see some ‘Failure’ messages and just see the script silently exiting after you tried some action.

The script isn’t aiming to cover and display all even most obvious user errors, like not initialized password store in given directory or just non-existant dir. Try running this script form console directly and see displayed errors.