gopass exposes some hook-able events during it's invocation lifecycle. This allows uses to inject additional functionality of perform addition logging.
All hooks are subject to the follwing constraints:
- Hooks do not inherit
STDINorSTDOUTfrom the parent process. - Hooks do inherit
STDERRfrom the parent process and may use it to print anything they want. - Hooks always run from the
password-storedirectory. - Hooks are run with the
GOPASS_HOOK=1in their environment and withGOPASS_CONFIG_DIRset to the configuration directory with which the originalgopasscommand was started. - An exit from a hook (or execution failure) cases the entire
gopasscommand to fail. - Hooks have at most one minute to complete.
gopass hooks are non-reentrant by default.
For example take this setup:
[rm]
post-hook: ~/.config/gopass/hooks/post-rm.sh
# ~/.config/gopass/hooks/post-rm.sh
gopass rm some-other-entryand finally
$ gopass rm fooIn this scenario users should expect post-rm.sh to be executed exactly once on gopass rm foo.
But in fact it would be run twice: Once on gopass rm foo and once on gopass rm some-other-entry, i.e. hooks would reenter themselves when they try to use gopass internally.
Since most users would find this confusing gopass do not do this by default. However if you really need to allow reentrant hooks you currently have one workaround:
- You can
unsettheGOPASS_HOOKenvironment variable in your hook before runninggopassinternally.