A lastpass command wrapper for Emacs.
Includes an interactive LastPass mode for managing accounts and some useful functions which can be used to include LastPass in your settings and configurations.
Also featuring a custom auth-source backend allowing LastPass integration.
Table of Contents
- Installation
- Auth-source backend
- LastPass manager
- Function lists
- Interactive functions
lastpass-loginlastpass-logoutlastpass-statuslastpass-getfield (field account)lastpass-getpass (account)lastpass-getuser (account)lastpass-visit-url (account)lastpass-addpass (account user password url group)lastpass-versionlastpass-create-auth-source-account (account hostname)lastpass-auth-source-enable
- Other functions
- Interactive functions
- Example usage
To use this package LastPass CLI version 1.1.0 or newer must be installed. The easiest way to install and configure emacs lastpass is to include this in your init.
(use-package lastpass
:config
;; Set lastpass user
(setq lastpass-user "[email protected]")
;; Enable lastpass custom auth-source
(lastpass-auth-source-enable))This variable can be used to customize how emacs-lastpass interacts with the lpass command utility ls function.
Should be set to a character that is not to be found in any of the following fields:
idaccount namegroupuser name
When using multifactor authentication the variable lastpass-multifactor-use-passcode must reflect wether the user should be prompted for a passcode or not.
By default this variable is set to nil, hence only authentication without passcode is supported.
To enable authentication with passcode, add the following to your init (or in :config in the configuration example above);
(setq lastpass-multifactor-use-passcode t)LastPass auth-source backend can be enabled with the function (lastpass-auth-source-enable).
Host, in emacs, must match the LastPass account name to make this work.
Recommended way of achieving this is to keep a seperate group, for example auth-source, containing all accounts that should be used together with the auth-source backend.
Configuration example can be seen in the Example usage section.
To implement this an advice is used, note that support for the newer 'auth-source-backend-parser-functions is also included:
(if (boundp 'auth-source-backend-parser-functions)
(add-hook 'auth-source-backend-parser-functions #'lastpass-auth-source-backend-parse)
(advice-add 'auth-source-backend-parse :before-until #'lastpass-auth-source-backend-parse))To ease the process of creating a valid auth-source entry in LastPass, the helper function lastpass-create-auth-source-account should be used.
Thanks to Damien Cassou and his auth-password-store for help and guidance.
Interactive lastpass manager can be invoked with M-x lastpass-list-all.
Actions in lastpass-list-all:
enteropen URL in browsernnext lineppreviod linerreload accountsaadd or generate passwordsshow passwordwadd password to kill ringmmove account to groupccreate auth-source from accountddelete accountqquit
List of functions in this package.
Functions that can be run interactively by the M-x interface.
Runs lpass login asynchronously and asks user for password. Note that since this is an asynchronous process it will NOT wait for user input to continue.
Logs out of lpass using the --force option. Good practice to do this whenever lpass functions aren't needed.
Check if lastpass-user is logged in and prints message to minibuffer.
Display custom field for given account.
field should match field from LastPass and account can be either account id or account name.
Display password for given account.
account can be either account id or account name.
Display username for given account.
account can be either account id or account name.
Open URL in web browser. If run interactively it prompts for account, which can be either account name or unique ID.
Add account to LastPass.
Account name, user and password must be specified, but url and group can be set to nil.
When run interactively user is prompted for input.
If password is set to nil, or empty string when run interactive, it will be generated.
Default length is set in lastpass-pass-length and no symbols can be turned on with lastpass-no-symbols.
Display lastpass command line interface version.
Create a copy of the given account and rename it with the given hostname.
All auth-source accounts are stored in the auth-source group in lastpass.
This function is meant to simplyfy the process of creating a valid auth-sourec entry in LastPass.
When using this function in lastpass-list-all, see lastpass-list-all-create-auth-source-account.
Enable LastPass auth-source backend.
Functions that can't be run invteractively.
Run lpass command cmd with arguments args.
Returns a list containing return code and return string, (returncode, returnstring).
Can be used to run custom lpass commmand not implementet in lastpass.el.
Pipe prepend to lpass command cmd with arguments args.
Returns a list containing return code and return string, (returncode, returnstring).
The prepend string must be formatted to correspond with lpass notation, see man lpass.
Can for example be used to add account to LastPass:
(lastpass-pipe-to-cmd "add" "Username: Foo\nPassword: bar" "FooBarAccount")This corresponds to the following shell command:
printf "Username: Foo\nPassword: bar" | \
lpass add FooBarAccount --non-interactiveCheck if lastpass-user is logged in.
Returns nil if user not logged in.
Example usage below.
Get LastPass id for account. Returns nil if no match for account.
Check if logged in to LastPass before running mu4e update. Continues with update if user is logged in and asks user to log in if not.
(defun lastpass-mu4e-update-mail-and-index (update-function &rest r)
"Check if user is logged in and run UPDATE-FUNCTION with arguments R."
(unless (lastpass-logged-in-p)
(lastpass-login)
(error "LastPass: Not logged in, log in and retry"))
(apply update-function r))
(advice-add 'mu4e-update-mail-and-index :around #'lastpass-mu4e-update-mail-and-index)This snippet can be used together with offlineimaps pythonfile and use LastPass when fetching mail.
offlineimap.rc should contain the follwing:
[general]
pythonfile = ~/offlineimap.py
[Repository Remote]
type = IMAP
remotehost = imap.gmail.com
remoteuser = [email protected]
remotepasseval = getLpass()
The python script offlineimap.py should look like:
#!/usr/bin/env python2
from subprocess import check_output
def getLpass():
return check_output("lpass show --password AccountName", shell=True).strip("\n")Use LastPass auth-source when sending mail.
This will replace the .authinfo file containing account and password information.
For this to work, lastpass-auth-source-enable must be run.
The following mail configuration can be used:
(setq message-send-mail-function 'smtpmail-send-it
smtpmail-stream-type 'starttls)
smtpmail-smtp-server "smtp.gmail.com"
smtpmail-smtp-user "[email protected]"
smtpmail-smtp-service 587)For this to work the lastpass account name must be smtp.gmail.com, i.e.
LastPass Vault
└── auth-source
└── smtp.gmail.com