Replies: 2 comments 2 replies
-
I would love if an agent daemon can be implemented so we can login once (within a se time) and keep a session env variable that can communicate with the agent that does the actual decryption. |
Beta Was this translation helpful? Give feedback.
1 reply
-
@msladek That sounds like a reasonable implementation. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
The desktop app offers multiple quick unlock options, see here. It would also be convenient to have something similar for the cli. Biometrics might be complicated, but a PIN should be doable.
Now there are multiple ways to do this, but the desktop app "does not actually close the Enpass database but adds just an extra screen for authorization". I don't think this can be done easily without writing a daemon that keeps the db connection open.
We could however encrypt the derived database key with the PIN and write it to (ram)disk. This file could be checked for consecutive runs and decrypted by only providing the PIN.
-pin
flag is provided./run/user/$UID
akaXDG_RUNTIME_DIR
or/dev/shm
or/tmp
for darwin seem like suitable locations.600
file permissions@hazcod WDYT? Is this idea sensible?
Beta Was this translation helpful? Give feedback.
All reactions